Eugene Muller, Technical Manager at Probrand
From transfer fraud to token theft, cyber criminals are constantly evolving the tactics they use to hit businesses across all sectors. According to the latest government data, 50% of all businesses have experienced some form of cyber security breach or attack in the last 12 months, costing them valuable time – and money. An increasingly common target for their attacks is the finance team, due to their access to highly sensitive information and ability to approve payment requests.
In this article, Eugene Muller, Technical Manager at Probrand, outlines the current threats that finance leaders should be aware of, with tips on how to minimise the risk.
Transfer fraud
Finance leaders may be familiar with the term ‘transfer fraud’, referring to a scam where a criminal tricks their victims into transferring money directly into their bank account. This often involves criminals impersonating someone they trust. When targeting the finance team, for example, they may imitate an existing supplier or business contact. Typically this will involve phishing, where they will replicate the look and feel of another person’s email style to trick the recipient into sharing sensitive information.
There is another form of transfer fraud to watch out for, however: the double attack. This is where the criminal hacks access to both a supplier’s email account and someone within the business who authorises transactions – often a representative from the finance team or a senior business leader. Once they gain remote access, they will be able to see all correspondence between that business and the finance departments. The next time an invoice is sent, they will look to switch the bank details. They can then make it look like the person responsible for authorising such changes – the compromised account – has approved the switch and they will have the invoice paid into their account.
In this scenario, the finance team carried out their due diligence and had email verification from both the supplier and the trusted person within their business before making the payment, but didn’t realise the emails were actually controlled by criminals. It can be difficult to trace this kind of activity – or to prevent it. Often, it only becomes apparent when the legitimate supplier chases overdue payments which the finance team thinks they have already made.
Token theft
Another increasing threat is token theft, which occurs when a criminal gains access to an individual’s online accounts and sensitive information by stealing their multi factor authentication token. If they successfully steal a token it will mean that they can bypass password or login credentials because the device trusts the user and thinks they have already given approval for access. It will even help them to avoid multi-factor authentication (MFA). The scary thing is it’s possible to lose a token by doing something as simple as clicking a link in an email that leads to a compromised site.
Once the criminal has stolen the token, they can then remotely log into your profile to access files, emails and any office 365 online services without you realising. Finance leaders are often prime targets for token theft as once the criminal has control of an account, and access to confidential business information, they can do further social engineering attacks They will use the compromised mailbox to stage further attacks normally to external contacts which can lead to both financial and reputational damage.
AI
Something else that cannot be ignored is the risk posed by the rise of AI. Many people are still exploring what AI means for them, but cyber criminals have already got a firm grasp on the new tools at their disposal. It is helping them to supercharge their activity by making it harder to detect their attempts to trick you.
When phishing emails first came into play, they were often easy to spot due to typos, inaccuracies or unusual wording. AI has helped criminals to minimise these flaws, however. They often adopt a convincing tone of voice and deploy more advanced techniques.
If the criminals also have access to an individuals’ profile, thanks to a successful token theft, criminals can take this even further. They can stay hidden in the system for months, watching and gathering data on the individual – including the way they speak and behave. Using an AI tool to process this data, the criminals will then be able to impersonate the individual to an incredibly accurate degree. They can replicate the phrases they might commonly use, the grammatical errors they might be known to make and even the time of day that they would most likely send an email. All of this builds a convincing picture of the victim, allowing their account to be used to successfully trick others in their network.
Minimising the risk
While the aforementioned threats post a very real risk to finance teams, there are steps that can help to minimise the risk and reduce the impact of cyber crime. The first step is always prevention.
Educating team members on the dangers of cyber crime is crucial. For example, awareness of the double attack may encourage colleagues to verify suspicious payment requests by calling suppliers and speaking to them directly to discuss any changes to bank details. This could be a quick way to avoid a costly error. When taking on a new supplier, it is also worth checking that they are Cyber Essentials certified and that they have a robust cyber security plan in place.
As attacks are becoming increasingly sophisticated, all businesses also need to adopt a ‘zero trust’ mindset, and assume an attack will take place. Many organisations wrongly assume they are too small to be hit – when the truth is criminals target businesses of all sizes and industries. This kind of complacency is one of the biggest threats when it comes to cyber security.
It’s also crucial to have a business continuity plan with a strong backup and recovery system in place. This should be communicated to all stakeholders and rehearsed so there is a smooth process to follow in the event of a crisis. Regular company-wide training and adequate investment in IT systems and their online security will help to minimise the risk and lessen the impact should the worst happen. But finance teams should also be working closely with IT departments to align their approach when it comes to protecting the business from the impact of cyber crime.
In spite of the challenging landscape, there are also reasons to be positive. While the media coverage of cyber attacks can feel daunting at times, it also promotes greater awareness of the risks posed and raises some important conversations. Reassuringly, most finance qualifications now include a dedicated module on cyber security and IT, which is also helping to raise awareness among the next generation of finance leaders on the need to stay vigilant. When teamed with adequate investment in IT and a solid strategy for the worst case scenario, this greater understanding will equip finance leaders with the tools they need to tackle the threats of the future.
