We recommend the Australians to think very carefully before they transfer their funds or hand over sensitive information at work amid global spike in business-focused spear-phishing attacks.
Sometimes scammers pretend to be senior management. According to the Australian Competition and Consumer Commission every month more than $50,000 lost by the Australians because of Business Email Compromise scams. “The scam targets businesses that have overseas partnerships with suppliers and regularly make wire transfer payments,” says ACCC deputy chair Dr Michael Schaper. Usually the scammers request international payments or data transfers. They are hijacking or spoofing the email accounts of CEOs for this aims. They can make a telephone call and inquire about specific staff members. Sometimes they pretend as recruitment companies or other business looking which need to upgrade their database. They gather the information and use this information in convincing-looking emails.
The AusCERT warns “[The attack] is most often executed when the CEO is away, making it appear more legitimate that a request would be made remotely. The attack often succeeds because the intelligence gathered earlier enables the attacker to effectively masquerade as a senior staff member of the business. Sometimes Sensitive business data is also important for scammers. The target of Business Email Compromise attacks are people.
In their emails the impostors can emphasise urgency. So the companies have to teach their employees to be careful with unusual requests and they have to remember that the internal procedures should be strictly kept. The Proofpoint research showed that the target of most impostor emails is the chief financial officer and a quarter hit human resources inboxes