A firm that manages investments for Canadians was the victim of a ‘spear phishing’ attack. A ‘spear phishing’ attack is aptly named because cyber crooks who launch such attacks do a lot of research about the organization, how it operates, who the executives are, and when transfers of money are made. Long story short, cyber crooks impersonate an executive on email and send fake instructions for fund transfers.
Millions of dollars would have been transferred electronically to the cyber crooks, but for the quick thinking of one of the company’s executives.
“Cyber crooks always follow the same patterns because it produces a lot of results for them,” says Daniel Tobok, CEO of Cytelligence Inc.
The pattern is essentially this: the crooks know that a large amount of money is about to be transferred to another financial institution; the transfer is done at the end of the day; the transfer is frequently done on a Thursday or Friday, especially before a long weekend (when there is no one to call at a bank once victims realize they were swindled); there is always urgency to the transfer; and last but not least, there is always a last-minute change of plan, such as the money being sent to another bank or another account, or both.
“We call these manoeuvres ‘Freaky Friday’,” says Tobok.
The executive who received the fake email followed up with the executive whose email account was used to send instructions to transfer funds. When the two executives spoke face-to-face, it became very clear that the request to transfer funds was fake.
Two forensic examiners, a security specialist, and a private investigator from Cytelligence were assigned to the case.
The cyber crooks went to a lot of trouble, as they set up an entire bank website that looked very much like the real bank the asset management company uses. The spoofed emails were very close to the real ones, with one extra letter added to the domain name. In cyber security, it’s all about the details and the little things.
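The domain with one extra letter and the "Freaky Friday" pattern described earlier can both be checked mechanically before a transfer request is acted on. The sketch below is an added example, not code from Cytelligence or the firm in this case; the trusted domains, keyword lists, 15:00 "end of day" cut-off and sample message are all constructed assumptions.

```python
from datetime import datetime

# Assumed inputs: the firm's real domains and keyword lists (all constructed).
TRUSTED_DOMAINS = {"examplebank.com", "exampleasset.ca"}
URGENCY_WORDS = ("urgent", "asap", "immediately", "today")
CHANGE_WORDS = ("new account", "different bank", "updated wire", "change of plan")

def one_letter_added(candidate: str, trusted: str) -> bool:
    """True if candidate equals trusted with exactly one extra character inserted."""
    if len(candidate) != len(trusted) + 1:
        return False
    i = 0
    while i < len(trusted) and candidate[i] == trusted[i]:
        i += 1
    # Skip the extra character at position i; the rest must match exactly.
    return candidate[i + 1:] == trusted[i:]

def lookalike_of(sender: str):
    """Return the trusted domain the sender's domain imitates, or None."""
    domain = sender.rsplit("@", 1)[-1].lower().rstrip(".")
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in sorted(TRUSTED_DOMAINS):
        if one_letter_added(domain, trusted):
            return trusted
    return None

def transfer_request_flags(sender: str, sent: datetime, body: str) -> list:
    """List which elements of the described pattern a transfer request matches."""
    flags = []
    text = body.lower()
    imitated = lookalike_of(sender)
    if imitated:
        flags.append(f"lookalike-domain:{imitated}")
    if sent.weekday() in (3, 4):          # Thursday or Friday
        flags.append("thu-fri")
    if sent.hour >= 15:                   # assumed cut-off for "end of day"
        flags.append("end-of-day")
    if any(w in text for w in URGENCY_WORDS):
        flags.append("urgency")
    if any(w in text for w in CHANGE_WORDS):
        flags.append("destination-change")
    return flags

if __name__ == "__main__":
    # Constructed sample: a Friday-afternoon request from a one-letter-off domain.
    msg = ("cfo@exampleassett.ca", datetime(2024, 5, 17, 16, 40),
           "Urgent: change of plan, send the $2M to the new account today.")
    print(transfer_request_flags(*msg))
```

A lookalike-domain flag on its own is reason to hold the transfer and confirm with the named sender through a separate channel, as the executive in this case did.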
“Cyber crooks are very effectively leveraging human nature,” says Tobok. “We are all very busy, we all get a million emails, we want to be effective and efficient. So, a request comes through to transfer $2M, we want to do it ASAP and get on to the next thing. Crooks are counting on that weakness.”
“The important point that executives need to understand is: timing and speed are everything in these situations,” he adds.
“We saved the asset management firm $2 million. And the culprits, in this case cyber crooks in China, were disappointed,” says Tobok.