Robbers with guns and masks carrying cash out of an office window are heroes of old movies. Modern criminals conduct remote cyber-attacks to steal money. It can take them just 15 minutes to transfer all the money from a corporate account – with the help of careless employees. Here is how.
It is the day payments to contractors are due, but the bank refuses to make the payment because the corporate account is empty. This is strange, as there was enough money the day before, when the accountant paid the office rent. The investigation shows that someone changed the wire transfer details, and all the money went to an unknown account. By the time the company discovered it, the scammers had already cashed out the money and disappeared. The bank cannot help.
It turned out that two weeks earlier the accountant had opened an attachment to an email sent from an unknown address, which stated that the company had a debt. What looked like an attachment was actually a link that, once clicked, downloaded malware. When the Trojan was dropped on the computer, the cybercriminals replaced the wire transfer details, and all the money flowed to their account.
How to protect yourself: install antivirus on every computer and update it regularly. Check payment information only through the bank's website or software, and if in doubt, contact your counterparties by phone. Employees should know how to check links in emails. Never use someone else’s computer to make financial transactions.
Employees have problems with issuing invoices and opening contracts. Files on the shared network drive are also unavailable.
One of the employees received an email from the Federal Tax Service in his personal mailbox and forwarded it to HR to check if everything was fine. The attached document had a malicious macro that downloaded malware when the document was opened. The malware encrypted all the files and demanded a ransom. The HR manager had access to all network drives, so all the documents across the corporate network got encrypted.
How to protect yourself: restrict macro execution in office documents. Employees should know how to safely open office documents from unknown senders.
A secretary found a flash drive in the office and thought that one of the clients or employees left it. She decided to see what was on it, inserted it into her laptop, but the flash drive was empty. A week later, all the money disappeared from the company’s account. Nobody understood how this could happen.
In fact, the cybercriminals had prepared to steal the money. They made a special flash drive with re-programmed firmware and left it in the office. When connected, the flash drive injected commands to download a Trojan. The cybercriminals got remote access to the secretary’s computer, and then to the entire corporate network. In a few days they gained access to the accountant’s computer, changed the wire transfer details, and stole the money.
How to protect yourself: disable USB ports on computers where they are not necessary. Employees should understand why it is dangerous to insert “nobody’s” flash drives into their computers.
A lawyer searched the Internet for a power of attorney template. He found one on a popular forum, downloaded and opened it in Word. Two days later, all the money disappeared from the company’s account. Again, no one understood how this happened.
In fact, the infected document was created and left on the forum by scammers. The script in the document could exploit a vulnerability in an outdated version of Word.
Nobody had updated the lawyer’s computer for almost two years, so the malware was able to open a backdoor on it. The cybercriminal managed to hack the central server and issue a wire transfer from that machine.
How to protect yourself: regularly update all programs, including the operating system, browsers, and office applications.
Employees unaware of cyber security fundamentals caused the above incidents. In addition to having antivirus installed and configured on all workstations, upskill your team so it can avoid most of the cyber security threats that can steal money from your company.
Image by Cassiano Psomas