O en español; como prevenir el fraude del CEO.
The past year the FBI published an alert pointing out that the BEC fraud exceed $12 billion globally.
The report was based on data collected by the FBI´s Internet Crime Complaint Center (IC3), international law enforcement and financial institutions between October 2013 and May 2018. The amounts represent both money that was actually lost by victims and money they could have lost had they taken the bait.
Many of these attacks are skillfully crafted. Criminals lurking on websites and social media con uncover plenty of information for fine-tuned spear phishing emails: who suppliers are, what the management structure is, who is receiving new business pitches or expansion plans, etc. Executive travel plans are particularly useful for scenarios like this since the urgency of a task can be inflated from abroad: "I'm in Singapur and we need to make a payment ASAP to this supplier or we risk losing it. Don't delay - please wire these funds immediately."
How this fraud could be prevented?:
- To train your leadership, specially in finance about the risks associated with these kind of attacks, methods of detection and manual authentication.
- Methods of detection will include to be vigilant to:
- Pressure and a sense of urgency
- Unusual request in contradiction with internal procedures
- Typosquatted domains similar to your company (@R0CHE.COM instead of @ROCHE.COM)
- To use DMARC. Domain-based Message Authentication, Reporting & Conformance, is an email authentication, policy, and reporting protocol. It builds on the widely deployed SPF and DKIM protocols, adding linkage to the author ("From:") domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor protection of the domain from fraudulent email.
You can check wether you organization has DMARC in place or not just by typing the domain part of your mail address into this resource.
DMARC check compliance for the gmail.com domain
Basically, DMARC is a technology that allows you to confirm whether an email is from the organization it claims to be from. This technology will not help you in cases where the corporate email has been compromised, and the attacker has full access to the mail account of the person in finance. Obviously this approach would require much more effort.
Since June 2016, the Global Cyber Alliance (GCA) has been working to accelerate adoption of DMARC through advocacy, by providing a set of easy-to-use tools and campaigns to drive deployement. GCA also measured the economic impact on this report. The benefits to deploy DMARC in your company are clear. What are you waiting for?