Effective security awareness training for your high-risk employees is becoming a major priority. The accounting team of FACC, which designs and manufactures aircraft components for Boeing and Airbus, was social engineered in a CEO fraud attack, causing them to transfer around 54 million dollars to a foreign bank.
They disclosed on their blog that they had become a victim of "a crime act using communication- information and information technologies." They also stated that their board immediately involved the Criminal Investigation Department and engaged a forensic investigation, and that the cyberattack activities were executed from outside of the company.
They continued with: "The financial accounting department of FACC Operations GmbH was the target of cyber fraud. FACC’s IT infrastructure, data security, IP rights as well as the operational business of the group are not affected by the criminal activities. The damage is an outflow of approx. EUR 50 million of liquid funds. The management board has taken immediate structural measures and is evaluating damages and insurance claims."
Good luck with that. Cyber insurance policies tend not to cover this type of social engineering scam, see the article below.
CEO Fraud, also known as Business Email Compromise (BEC), is a highly sophisticated Internet scam in which the attackers penetrate one or more email accounts of employees in accounting departments, lurk for months to figure out policy and procedures, and then wait until the CEO is out on business travel before the scam kicks into gear. The amounts requested are proportional to regular wire transfers so that the transaction does not raise eyebrows.
"BEC attackers target senior-level employees rather than consumers as it’s easier to scam them out of large amounts. In one incident, we observed the scammers asking the target to transfer over 370,000 dollars. By requesting large amounts of money, the scammers only need to be successful a couple of times to make a profit," Symantec researchers explained. They continued with: "The FBI estimates that the amount lost to BEC between October 2013 and August 2015 was over 1.2 billion. With such huge returns, it’s unlikely that these scams will cease any time soon."
C-level employees, especially CEOs and CFOs, have to be aware of the various techniques the scammers are using to trick them into wiring out large amounts of money. Effective security awareness training is a must these days. The KnowBe4 integrated training and simulated phishing platform enables your security team to simulate CEO Fraud attacks and make sure that the Accounting team is inoculated against these attacks.
Find out how affordable this is for your organization and be pleasantly surprised.