Common type of #InternetFraud and How to Avoid them

cyber-attack-data-breach

Internet fraud is happening every day, anywhere in the world. The probability that you’ll ever be a victim is so big. Certainly, if you are a director of a company or if you have a power of attorney at business accounts. Then you belong to the favorite targets of cybercriminals. We all know how cleverly and in an organized way fraudsters work. Currently, cybercriminals use several complex techniques to infiltrate corporate networks discreetly and steal intellectual property or take files hostage without being detected. These attacks are often encrypted in order to escape detection. Once their target is reached, hackers attempt to download and install malicious software on the compromised system. In most cases, the malware is used new, advanced versions that traditional anti-virus solutions are not yet able to identify.

 

We’ve listed below few significant strategies and tools used by cybercriminals to infiltrate your network as well as ways to fight against them.

 

  1. CEO fraud or social engineering

In case of CEO fraud, cybercriminals make their first connection via a phone call. They act as they are calling on the behave of auditors, certified public accountant or a government research service. This way, they are able to collect information about your company’s internal payment procedures. After that, they contact a staff member who has power of attorney to make large payments. They then act as the CEO or CFO of the company and invent a story about a possible foreign acquisition, a difficult tax check or other scenario for which, urgently and confidentially, a large sum of money has to be transferred to an account still never used. Employees who is use to receive a personal call from the CEO are chosen. Sometimes they even go for an external consultancy to increase their credibility.

 

How do you protect your company against CEO fraud?

  • If you get the urgent need to transfer a large amount of money to a new account number, you will then have to pull the alarm bell.
  • Ask to call the applicant back to know their phone number.
  • Make a call back to your CEO to confirm the transfer/payment.
  • Choose for a double signature procedure (cards and PINs) and never leave both signatures to one person.
  • Make a secret contact point (not the CEO or CFO) for confidential or urgent transfer requests.

 

  1. Networks attack with malware without interruption

The attacks can come from all the vectors: e-mails, mobile devices, Internet traffic and automated exploits, and believe me, the size of your business does NOT matter. For hackers, you are only an IP address, an e-mail address or a potential candidate for an attack. They use automated tools to perform exploits or to launch phishing e-mail campaigns, day and night.

Unfortunately, many companies do not have the right tools to deal with these attacks. Many of them do not have the tools to pass traffic through a fine comb, protect endpoints, and filter out infected emails. Some of them have firewalls that cannot detect hidden threats in encrypted traffic or rely on limited built-in system memories to store signatures of malicious software.

 

How do you protect your network every minute of every day?

With hundreds of new malware variants developed every hour, organizations need up-to-date, real-time protection against the latest threats. An effective security solution must be continuously updated 24/7. In addition, the available memory on firewalls is insufficient to support the considerable number of types and variants of malicious software.

To be effective, firewalls need to use a network sandbox and the Cloud to provide wider visibility of threats, discover new variants, and improve detection. In addition, ensure that your security solution supports dynamic update protection not only at the firewall gateway, but also at mobile and remote endpoints and your e-mail.

 

  1. E-fraud or phishing

E-fraud is a collective name for fraud through phishing and viruses. The fraudsters will find out your personal registration codes and electronic signatures and will clear your bank account. How are they going to work? For that you’ll certainly receive a fake email in the name of your bank branch with a link to a false login page for PC banking. For the signature code, they call you with the question of stopping your card in your card reader, or you will receive a screen to enter your signature code.

 

How do you protect your business against e-fraud?

  • Choose for a double signature procedure and never leave both signatures to one person.
  • Check everything you sign.
  • Do not share access codes or proxies of your company accounts with your employees.

 

  1. Invoice fraud

In case of invoice fraud, cybercriminals use to replace the billing company’s bank details with their own bank details. They intercept invoices sent by mail and paste them with a – often fluorescent sticker with their own bank details. That mentions the message that the bank’s business has changed. The fraud often comes to light only when the actual billing company sends a payment reminder. They also send emails in the name of the billing company with the same “change account number” message.

 

How do you protect your company from invoice fraud?

  • Ask the billing company to send each invoice both by email and by post.
  • Do not use envelopes with your logo or company name.
  • Do you receive an invoice or email with a “change account number” message? Then verify with a call it takes few minutes but save you from a huge amount loss.

 

  1. Globally attacks and rapid transformation

The success of many cybercriminals rests on their ability to continually reinvent malicious software and share it with peers around the world. In fact, new threats emerge every hour on every continent. Most hackers use an approach similar to that of burglars: they infiltrate, take all they can and go out before someone triggers the alarm. Once succeed, they reproduce this attack on another system.

Others proceed more insidiously and slowly to access larger amounts of data over a longer period of time. Some attacks arrive via the Web, others by e-mail, or enter the network via infected devices that were previously outside the network security perimeter.

 

How to protect your network from global threats via a firewall?

Reacting quickly to threats ensures effective protection. To quickly deploy countermeasures to your firewall and deal with emerging threats, use a security solutions provider that has an in-house and responsive team of protection systems experts. This team must collaborate with the broader community of safety specialists to extend its reach.

A broad domain-based solution uses a comprehensive, cloud-based catalog that lists malware globally and improves analysis of the local firewall. Finally, while a single firewall can identify and block threats based on their origin, a sophisticated firewall incorporates botnets filtering functions to reduce exposure to known global threats. To do this, the firewall blocks traffic from dangerous domains or connections established from or to a specific location.

 

In todays connected world, Cyber-attacks are expanding more then ever, but there are effective defenses. Nevertheless, the victim of an attempted e-fraud? Please contact your banker immediately to block your account before your money disappears. And if you would like to learn more and evaluate counter-attack solutions for your network environment, fill this form and our experts will come back to you asap!