In the large family of attacks based on social engineering, those designated by the terms “president scam” and, more generally, “business email compromise” (BEC) are clearly on the rise. This “activity sector”, which consists of impersonating someone by email in order to divert funds or obtain data, cost businesses 2.7 billion dollars in 2022 and may even reach as high as 3.3 billion dollars by 20228. With such an economic weight, it is difficult to affirm that your company will never be affected by this type of attack. It is therefore important to know what these types of attacks, which are often sophisticated, consist of, in order to prevent them and protect your business and its employees.

The principle of these email attacks is that the attacker pretends to be someone else in order to form a bond of trust with the victim and get the employee to perform an operation (e.g. a wire transfer) outside the usual procedures. Using this technique, there are as many variations as the online attackers can imagine. The term “President Scam” is a bit limited, and it’s important to remember that all levels of the company are concerned.

Here are some of the most common methods of attack:

The classic President Scam

An official-looking email is sent to an employee, telling them to make a bank transfer and making them believe that the demand is urgent and comes from a senior manager of the company (or even the CEO). It is because of the apparent urgency that it bypasses the usual procedures. This type of social engineering puts pressure on the employee in order to get them to comply.

In this case, a third party manages to identify a working relationship between two people: a provider and their customer within the company. They then send an invoice to the company, pretending to be the provider, but with the payment directed to their own bank account instead.

Here too, pressure is put on the employee by insisting on the urgency of the transfer, but also on its confidential nature. The targeted employee is therefore coerced into executing the transfer without the input of their colleagues or direct managers, and is told that if they don’t make the transfer as requested, the company will be in a lot of trouble.

So far we have mentioned some methods that a malevolent third party can use to receive funds; however, the object of the attack can be of a totally different nature.