Social Engineering: A Case Study on Cybersecurity
It can happen anywhere. It can happen to anyone. We know because it happened to us. Thankfully, this is not a case study on a successful hack, because Executive Speakers Bureau has taken the proper steps to educate our staff and protect our information. This is a case study about social engineering. It is a story as old as time (or in this case, the internet).
- Bad guy seeks to get rich quick.
- Bad guy performs a simple search on company and finds the name(s) of leadership.
- Bad guy creates a dummy email using company leadership’s name, sends an email to the finance contact stating he is busy, and asks for funds to be wired to an account.
- Bad guy hopes that the email recipient doesn’t pay attention, and transfers money, thereby making him (or her) instantly rich.
However, thanks to lessons learned from former FBI agent and cybersecurity expert Scott Augenbaum, we paid attention. According to Scott and the FBI, this business email compromise (BEC) is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds. Since January 2015, the FBI reports that businesses' identified exposed losses have increased 1300%. Business email compromise, or executive impersonation, has caused global losses of $5 billion over the past three years (according to the FBI), and this crime takes little sophistication to pull off. Trend Micro predicts global losses will exceed $9 billion next year. Literally every day, thousands of dummy email accounts are created in the hope that just one person isn’t paying attention. And sadly, millions are not.
So how can you prevent this type of cyber fraud in your company? Scott Augenbaum explains three simple steps you can take:
- Set up Two-Factor Authentication for all of your confidential accounts. This includes emails, social media, business software, etc. Two-Factor Authentication (TFA) is an extra layer of security, also known as “multi-factor authentication,” that requires not only a password and username but also something that only that user has on them, i.e. a piece of information only they should know or have immediately to hand, such as a physical token or code.
- Pay attention to the details. Any time someone is asking for money or confidential information, inspect the source. If someone has created a false email account, it is very easy to spot if you are paying attention to the sender's email address.
- Verify the source. If someone asks you for money, or passwords, or any other piece of confidential information, pick up the phone and call to verify. It is so much easier to pick up the phone and say, “Hi boss, did you want this wire transfer? Yes? Great, I’ll make it happen,” than to try to get back stolen funds.
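
The sender check in step two and the call-back in step three can be backed by an automated rule in a mail filter. The following Python sketch is an added example, not code from the original article or from Scott Augenbaum; the domain `example.com`, the executive name and the keyword list are assumptions, and both sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"   # assumption: your real mail domain
EXECUTIVES = {"pat morgan"}      # hypothetical leadership names, lowercase
PAYMENT_TERMS = re.compile(r"\b(wire|wired|transfer|funds|bank account)\b", re.I)

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def bec_flags(raw):
    """Return the impersonation indicators found in one raw plain-text message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    flags = []
    # Leadership's name shown on an address outside the company domain.
    if " ".join(display.lower().split()) in EXECUTIVES and _domain(addr) != COMPANY_DOMAIN:
        flags.append("executive-name-external-address")
    # Replies routed to a different domain than the visible sender's.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and _domain(reply_to) != _domain(addr):
        flags.append("reply-to-domain-mismatch")
    text = msg.get("Subject", "") + " " + " ".join(
        part.get_payload() for part in msg.walk()
        if part.get_content_type() == "text/plain")
    if PAYMENT_TERMS.search(text):
        flags.append("payment-request")
    return flags

def needs_phone_verification(raw):
    """A payment request plus any sender anomaly is held until confirmed by phone."""
    flags = bec_flags(raw)
    return "payment-request" in flags and len(flags) > 1

# Constructed sample messages (not real mail).
SPOOFED = ('From: "Pat Morgan" <pat.morgan.ceo@mail.example.net>\n'
           "To: finance@example.com\n"
           "Subject: Urgent wire transfer\n\n"
           "I am busy in meetings. Please wire funds to the account below today.\n")
LEGIT = ("From: Pat Morgan <pat.morgan@example.com>\n"
         "To: finance@example.com\n"
         "Subject: Lunch Thursday\n\n"
         "Are you free for lunch on Thursday?\n")

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, bec_flags(raw), needs_phone_verification(raw))
```

A rule like this only catches look-alike senders; a request sent from a genuinely compromised mailbox passes the sender check, which is why the phone call in the last step still applies.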
These three simple steps saved us from a potential threat. If you would like to learn more about how to save your company from being a cybersecurity fraud victim, consider bringing former FBI agent Scott Augenbaum to your next company meeting as a keynote speaker. Over the past three decades, Augenbaum responded to thousands of cybercrime incidents and provided hundreds of computer intrusion threat briefings with the goal of educating the community on emerging computer intrusion threats and how not to be the victim of a data breach. In January 2018, he retired from the FBI, and he now shares his knowledge base to provide a unique training experience. He will scare you and make you laugh and provide you with a number of no-cost quick fixes to prevent you and your organization from becoming victims.
For more information on cybersecurity speaker Scott Augenbaum, contact Executive Speakers Bureau at (901) 754-9404.