Articles 5 min read

Guarding Against the Rising Tide: Safeguarding Your Business From Advanced Cyber Threats

Your information security is only as strong as the effectiveness of the cybersecurity training you provide to your employees. Your employees are a major access point for cyber attackers. You are always a potential target – no matter how small or large your organization is.

Increased remote work has increased your business’ risk of business email compromise (BEC). According to the Internet Complaint Center’s (IC3) 2023 Report, 21,489 BEC complaints were received with approximately $2.9 billion associated losses. Overall complaints to IC3 went up 10% from 2022 and losses increased 22% to roughly $12.5 billion1. According to the recently released survey results of 266 finance and treasury executives by Trustpair, 96% of the respondents “were targeted by at least 1 fraud attempt” and 90% of the respondents reported at least one of the attacks to be successful.

Machine learning (ML) is increasingly being used by fraudulent actors to better hone and target their messages to victims. Gone are the days of the laughably misspelled and grammatically incorrect missives from a long lost “Nigerian Prince” in need of a U.S. based individual to deposit their royal inheritance. Romance scammers can now talk to their victims using the generated voice of a celebrity. Sadly, there are cases in which victims are convinced they are in a relationship with a celebrity with whom they communicated solely through email and text, who claimed to be much younger than them. Despite attempts from not just loved ones but also digital forensic experts to provide evidence to the contrary, these people remain in denial.

There is now an up-and-coming scam of using the generated voices of family members, taken from social media, to induce parents or grandparents to send money to a relative because they needed bail money, were kidnapped or some other urgent scenario. Telephone numbers, e-mail addresses and voices can all be effectively spoofed. It’s enough to make you want to just toss all your electronic devices away and go back to the 80s.

Real-World Scenario

A company encountered a situation where two people, each through separate email exchanges, placed orders for their products. While the contact details provided seemed legitimate, the individuals were not affiliated with businesses that typically used or sold the company’s products. The company, upon suspicion, reached out to these individuals by phone. The individuals gave plausible explanations for their purchases. The company researched and confirmed people with the same names did work at the companies these individuals claimed to represent. The purchase orders were approved, and the product was shipped. Unfortunately, payment was never received.

So, what was missing from the company’s due diligence? They only reached out to contact information provided by the individuals and the independent online research the company did was publicly available to everyone, including the individuals that assumed the identities. Subsequently, the company contacted both businesses the individuals purported to work for and determined one no longer worked for the business and the other was not authorized to submit purchase orders on the business’s behalf.

Scenario Tips

Here are some ways to protect yourself if confronted with a similar scenario to our client.

Here are a couple of ways to protect yourself from that nightmare I mentioned –AI generated calls for money in emergencies.

Public Service Announcement

If you are posting your whereabouts on social media, it is best practice to post where you have been not where you are going to be and when. Social media is a treasure trove of intelligence. Criminals can surveil you via your social media and can determine a lot of information about you, such as if you are out of town.

How Withum Can Help?

Do you have concerns about your network security? Withum’s Cyber and Information Security Services Team can provide a complete service to your organization. We can check your network by testing your network security and offer recommendations to bolster your security in areas of identified vulnerabilities. Reach out to us today and we can get started.