A few weeks ago, the CFO at one of our clients received an email from the CEO asking how long it would take to make a wire transfer to close a deal he was working on. The CFO dutifully responded, requesting the account numbers and bank information. Shortly the wire transfer was initiated.
It all went smoothly, except the CFO had not been emailing with the CEO, and the transfer was to a bank account outside of the country! Someone was impersonating the CEO.
Fortunately, the wire transfer was stopped and no money was lost. But, the FBI is involved as well as other authorities.
Spear Phishing is one of the latest scams to hit small to medium size businesses, literally costing millions of dollars per year. No it is not a sport!
Unfortunately, this is not something that you can protect against with updated hardware or content filters, there is no malicious code to look for – it is a socially engineered attack.
It’s designed just for one person – you. Imitating the email address and name of someone you know, with the information available on social media it is increasingly easy to create a realistic impersonation of someone.
Be aware of the information you have posted on your company website and social media outlets and minimize the details that would allow someone to know too much about you!
And contact us for suggestions on how to protect against this type of threat.