Earlier this year, the Indian subsidiary of Milan-based Tecnimont SpA fell victim to one of India’s largest-ever cyber fraud attacks. It began with a fraudulent email from hackers, who made it appear as if it were coming from the company’s Italy-based CEO. The scam escalated to include additional phone calls and follow-up emails, supposedly from top company executives and lawyers. The fraudsters hoodwinked the Indian office into wiring $18.6 million to a bank account in Hong Kong, all for a “highly confidential” phantom company acquisition.
What was particularly alarming about this incident was the sophistication involved in executing it. Infiltrating the company’s email system before launching the scam, the hackers learned how to effectively mimic top executives’ communication styles. So convincing were the phone calls and emails that the con was only uncovered when the real company chairman visited India before the fourth and final payment could be secured.
It’s easy to dismiss such attacks as anomalies at the extreme end of the cyber-threat scale. But as hackers become increasingly sophisticated, ‘social engineering’ attacks which exploit human vulnerability are becoming increasingly widespread. Hackers know that all it takes is a moment’s lapse from an otherwise dependable employee to breach an entire security network – and they are ready and waiting.
3 Key Takeaways
- Relying on manual procedures makes us vulnerable.
Manual controls, by their nature, are only as strong as the personnel who follow them. Because people are fallible, we are all bound to make mistakes. Even the most diligent employees can misread an email or mistakenly trust a fraudulent phone call, especially when tired or distracted. Humans cannot and should not be completely relied upon as the gatekeepers to security networks – technology must be utilized instead to protect valuable assets.
- Standard communication is no longer completely reliable. New methods of establishing trust are required.
The India hack was so effective because the employees trusted phone calls and emails which sounded and appeared genuine. Once trust is established, fraudsters have the power to influence their victims’ behavior with relative ease. In an era where companies operate on a global scale, correspondence and phone calls are relied upon to build working relationships and establish trust. Unfortunately, in the digital age, these channels can be readily compromised as hackers use increasingly sophisticated means to manipulate them. To avoid this pitfall, organizations must seek new methods of establishing trust.
- Use out-of-band data and third parties to create an extra layer of protection.
Using an external, independent third party to protect data and important documents adds an additional challenge for hackers looking to intercept them. To create an additional layer of protection for critical data, ensure that the data you use is out-of-band (meaning that the data is transferred through a stream that is independent from the main data stream). Out-of-band data is especially challenging to manipulate and thus should be utilized whenever possible.
How nsKnox can help
We provide an external, third-party, out-of-band source of information to establish the veracity of suppliers’ payment-related details. Our Global Payee Database™, which is protected by our Cooperative Cyber Security (CCS) technology, enables organizations to establish trust quickly, efficiently and, most importantly, reliably.
Our technology streamlines the accounts payable process while creating a vital layer of protection. This means organizations can save time and costs, while ensuring that their financial teams are protected from social engineering, email scams and all other kinds of malicious impersonations.