Cyber security is considered to be one of the biggest threats to businesses – just think of the recent ransomware infection WannaCry – and hackers are increasingly deploying new methods to wreak havoc in the cyber world. And, as we know, our home systems are equally vulnerable.
The following happened in New Zealand in the last two months, and while the attempt was thwarted, it highlights the methods hackers are using and how vigilant we need to be.
A staff member in an organisation had their email account hacked. This happened either because the user clicked a link and gave the hacker their credentials, or because the user had a weak password.
After the hacker gained access, they were able to ascertain who in the organisation had authority for payments (by reading the person’s emails and getting to know the organisation). They then sent the user an email that appeared to come from one of the “authorising” staff members in the organisation, requesting that a payment be made. They were able to cover up who the email was really from, so that when the user replied, the real “authorising” staff member would not see the reply. The hacked user then had a conversation with the hacker discussing payment. This happened over a period of 10 days. Fortunately, there were internal security measures in place within the organisation whereby one of the authorising parties needs to be physically present to sign off for the payment cycle, so when payment was to be made it was picked up and the thread unravelled.
What can we learn from this?
Do not enter your user name and password in a web page in order to open an attachment. If you feel you need to, call the sender to confirm.
Always check the email address even if it is from someone you know.
Have very clear and set payment routines that involve someone physically signing off payments.
Make sure you have a complex password in place.
Don’t log on to your system from an unknown network.
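
The advice to always check the email address can be partly automated. The following is an added example, not part of the original post: it assumes the replies were diverted through a Reply-To header or a lookalike address (the post does not say which), and `ORG_DOMAIN`, `AUTHORISERS` and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumptions for illustration: the organisation's mail domain and the
# display names of the staff who can authorise payments.
ORG_DOMAIN = "example.org.nz"
AUTHORISERS = {"jane approver"}

def domain(addr):
    return addr.rpartition("@")[2].lower()

def check_sender(raw):
    """Return a list of warnings for one raw email message."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    warnings = []
    # An authoriser's display name attached to an address outside the org.
    if name.strip().lower() in AUTHORISERS and domain(from_addr) != ORG_DOMAIN:
        warnings.append("authoriser name on external address: " + from_addr)
    # A Reply-To that sends the answer somewhere other than the visible sender.
    for _, reply_addr in getaddresses(msg.get_all("Reply-To", [])):
        if reply_addr and reply_addr.lower() != from_addr.lower():
            warnings.append("replies go to " + reply_addr + ", not " + from_addr)
    return warnings

# Constructed sample messages, not taken from the incident.
BODY = "To: staff@example.org.nz\nSubject: Payment\n\nPlease pay today.\n"
GENUINE = "From: Jane Approver <jane@example.org.nz>\n" + BODY
DIVERTED = ("From: Jane Approver <jane@example.org.nz>\n"
            "Reply-To: jane@mail-example.test\n" + BODY)
LOOKALIKE = "From: Jane Approver <jane@examp1e-org.test>\n" + BODY

if __name__ == "__main__":
    for label, raw in [("genuine", GENUINE), ("diverted", DIVERTED),
                       ("lookalike", LOOKALIKE)]:
        print(label, check_sender(raw) or "no warnings")
```

A check like this only narrows the field. A message sent from inside a genuinely compromised mailbox passes it, which is why the physical sign-off on payments still matters.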