NT Police Cyber Crime is warning local businesses and organisations to be alert to business email compromise (BEC) following cases of organisations losing hundreds of thousands of dollars to the cyber fraud.
Detective Sergeant Craig Windebank of the Cyber Crime Unit stated that the incidence of business email compromise is increasing, with over 40 reports this year and average losses of around $70,000.
Case Study #1
A Northern Territory business suffered a compromise to their computer system that allowed the offenders to gain access to their email account. The offenders monitored the emails sent and received by the business for an extended period, allowing them to develop an understanding of the language and billing formats used by the business and their clients.
The offenders later registered an internet domain name that was very similar to the one used by the victim business, and used it to send realistic emails to clients directing them to change their payment accounts to accounts under the offenders' control. As a result, payments by the clients in excess of $700,000 were misdirected into the accounts nominated by the offenders. As a direct result of prompt reporting by the victim, a significant portion of the funds was recovered, and an interstate offender was located and is currently facing charges relating to dealing in the proceeds of crime.
Case Study #2
A Northern Territory business received an email that appeared to be from an employee requesting that their salary be directed to a new account because they had changed their banking details. The offenders are believed to have obtained the employee's details and the finance area's email address from information supplied on the victim business's website contact page. As a result, salary payments for the employee were redirected to accounts under the offenders' control; these funds could not be recovered.
Case Study #3
A large Northern Territory business received apparently legitimate emails advising it to redirect payments to clients to new bank accounts. The emails were well crafted, with the sender's details faked to make them appear legitimate. Fortunately the business had well-developed protocols for managing changes to payment details, and the fraud was detected before any changes were made. It was, however, determined that the offenders had gained access to the victim business's email system and were estimated to have viewed in excess of 5,000 emails before sending the fake payment change requests. This demonstrates the time and resources offenders are willing to devote to this type of offending.
This is an expensive cyber fraud, and one that is easily preventable by alerting staff and implementing controls on business payments and IT security.
The financial losses in these cases do not include the business costs associated with disruption and recovery of IT systems.
In an online world, organisations have to think about cyber protection and about training staff as a line of defence.
Organisations and businesses are also encouraged to introduce payment process controls and IT security measures to protect against business email compromise.
Staff awareness can include being alert to unexpected emails requesting the payment of an invoice and emails requesting the change of payment details for a supplier.
Cyber fraud often relies on social engineering techniques and on people being generally busy and trusting. It pays to think about and check what is being asked, and to hover over web links in emails to see where they lead before clicking on them.
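As an added illustration (not part of the NT Police release), a small Python check in the spirit of the payment-process controls described above: it flags a sender domain that is one or two characters away from a known supplier domain, as in Case Study #1, and message text that asks for payment details to be changed, as in Case Study #2. The supplier allow-list, the phrase patterns and the sample messages are constructed for the example.

```python
import re

# Constructed allow-list of supplier domains this business already pays (assumption).
KNOWN_DOMAINS = {"acmesupplies.com.au", "nt-partners.com.au"}

# Constructed phrases typical of payment-redirection requests (not exhaustive).
PAYMENT_CHANGE_PATTERNS = [
    r"\bnew (?:bank )?account\b",
    r"\b(?:change|update)[ds]? (?:our |my |the )?(?:bank(?:ing)?|payment) details\b",
    r"\bBSB\b",
]

def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings, used to spot lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_domain(sender_domain: str, known=KNOWN_DOMAINS, max_dist: int = 2):
    """Return the known domain a sender domain imitates, or None.
    An exact match is a domain already dealt with; a near miss is the Case Study #1 pattern."""
    sender_domain = sender_domain.lower()
    if sender_domain in known:
        return None
    for d in known:
        if levenshtein(sender_domain, d) <= max_dist:
            return d
    return None

def requests_payment_change(text: str) -> bool:
    """True when the body reads like a request to change payment details."""
    return any(re.search(p, text, re.IGNORECASE) for p in PAYMENT_CHANGE_PATTERNS)

def assess(sender: str, body: str) -> list:
    """Flags that should hold up any change to payment details until it is
    verified out of band (e.g. by phone on a number already on file)."""
    flags = []
    domain = sender.rsplit("@", 1)[-1]
    imitated = lookalike_domain(domain)
    if imitated:
        flags.append(f"lookalike domain: {domain} resembles {imitated}")
    if requests_payment_change(body):
        flags.append("requests change of payment details")
    return flags
```

Any message that raises a flag is a prompt to confirm the request with the supplier or employee through a channel other than the email itself.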
Staff training material is available online at becybersmart.nt.gov.au.
Criminals are constantly developing increasingly sophisticated BEC techniques that can include a combination of social engineering, email phishing, email spoofing and malware. A combination of staff training, payment process controls and IT controls will better protect your organisation.
Business Email Compromise is a fraud that is prevalent worldwide – in 2016/17 financial loss from business email compromise fraud was estimated at $20 million across Australia. (Source: ACSC Threat Report 2017)
NT Police state that cyber-crime reporting has also increased by 40 per cent to date this year.
The Australian Cyber Security Centre issues cyber advice at cyber.gov.au and fraud alerts at staysmartonline.gov.au.
A Business Email Compromise Workshop will be held for ICT companies, hosted by the Police Cyber Crime Unit and Australian Cyber Security Centre on Thursday 6 June from 2 to 4pm. Information is online at becybersmart.nt.gov.au.