Organisations regularly interact with external parties, usually via e-mail, in order to deliver the services they provide. Cybercriminals exploit this constant flow of communication by stealing or imitating the identities of these external parties in order to scam an organisation's collaborators. Their goal is to lure the victim into transferring money, or into believing that confidential information must be handed over to resolve an ongoing issue.
Every organisation communicates with one or more third parties (e.g., partners, clients, suppliers) in order to run its operations. Cybercriminals take advantage of that exchange for profit: through persuasion, threats or any other form of pressure, they try to convince the victim that they must execute an unplanned and urgent transfer or hand over confidential information. Their objective is to make the victim believe that immediate action is needed to close or unblock an ongoing, critical operation. On top of that, they try to persuade the victim not to share the request with anyone else because of its supposed sensitivity.

Usually the cybercriminals impersonate one of the organisation's third parties, so the victim assumes the request is legitimate. However, the bank account in the request is not the one associated with that third party, and if nobody checks the details against a trusted record and no approval process is in place, the victim has no way to recognise that the request is fake. The same scam also takes the form of impersonating a CEO or director (CEO fraud) or technical support (fake technical support scam).
An organisation's collaborators are its first line of defence. Everyone needs to be made aware of how to identify scams and fake messages in order to adopt the right reflexes. There are several ways cybercriminals try to steal collaborators' credentials in order to gain access to an organisation's resources. A very common one is a phishing e-mail, through which cybercriminals try to convince their victim to share passwords or confidential information. It is therefore important to hold regular awareness sessions that train collaborators not to share too much on social media and not to click on a link or open a file without first checking where it comes from. Before acting on a message, ask yourself:
• Is it unexpected?
• Is it urgent?
• Do you know the person who sent the e-mail?
• Do you find the request strange?
• Where does the link you need to click on lead to? (only hover on it with your mouse, do not click)
• Is there a QR code in the message?
• Are you being personally addressed?
• Does the message contain many linguistic errors?
• Is the message in your Spam / Junk folder?
• Is someone trying to make you curious?
• Are you asked to make a payment?
No matter who is requesting information, collaborators should know the policies in place for data classification, information transfer and sharing, and acceptable use of information. In addition, an official approval process for wire transfers lowers the chances of falling for this type of scam, because someone along the chain is likely to notice that the request is illegitimate and that nothing should be transferred. A process to verify the identity of the sender should also be in place, for example by checking their name or bank account against an existing internal inventory, or by contacting them through another channel (a phone number you already have on file, not one given in the suspicious message). Any change requested to that inventory should be approved hierarchically, following the security and payment rules to the letter (e.g., payments above a certain amount must be signed off by several employees). Lastly, never describe your company's payment procedures to outsiders; keep them for internal use.
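The checklist questions above and the inventory check in this paragraph can be partly automated as a first pass before a human decides. The script below is an added example written for this page, not Safeonweb/CCB code: it parses one incoming supplier e-mail, compares the sender's domain and any IBAN in the body with an internal supplier record, checks whether a link's visible text points somewhere other than its real target, scans for pressure and secrecy wording, and validates each IBAN with the standard mod-97 checksum. The supplier registry, the `.example` domains, the IBANs and the sample message are all constructed for illustration.

```python
"""First-pass triage of a supplier e-mail against the checklist and the
supplier inventory. Added example for this page, not Safeonweb/CCB code."""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed internal supplier inventory (assumption: one exists), keyed by the
# display name used in earlier legitimate correspondence. Domain and IBAN are made up.
SUPPLIER_REGISTRY = {
    "acme supplies": {"domain": "acme-supplies.example", "iban": "BE68539007547034"},
}
# Pressure and secrecy wording typical of third-party impersonation requests.
PRESSURE_WORDS = ("urgent", "immediately", "today", "confidential", "do not share")
# Loose IBAN pattern: country code, two check digits, then groups of four.
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}(?:\s?[A-Z0-9]{4}){2,7}(?:\s?[A-Z0-9]{1,4})?\b")


def iban_is_valid(iban: str) -> bool:
    """ISO 13616 mod-97 check: move the first four characters to the end, replace
    letters by 10..35, and the resulting integer must be congruent to 1 mod 97."""
    compact = re.sub(r"\s+", "", iban).upper()
    if not re.fullmatch(r"[A-Z]{2}\d{2}[A-Z0-9]{11,30}", compact):
        return False
    rearranged = compact[4:] + compact[:4]
    digits = "".join(str(int(ch, 36)) for ch in rearranged)
    return int(digits) % 97 == 1


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs: the 'hover over the link' check."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def triage(raw_message: str, registry=SUPPLIER_REGISTRY) -> dict:
    """Return a dict of red flags for one raw single-part HTML message."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rsplit("@", 1)[-1].lower()
    body = msg.get_payload()
    lowered = (msg.get("Subject", "") + " " + body).lower()
    known = registry.get(display_name.lower())  # is this a supplier we know?
    flags = {
        "unknown_supplier": known is None,
        "sender_domain_mismatch": known is not None and sender_domain != known["domain"],
        "pressure_language": any(word in lowered for word in PRESSURE_WORDS),
        "link_target_mismatch": False,
        "new_iban": False,
        "invalid_iban": False,
    }
    collector = LinkCollector()
    collector.feed(body)
    for href, visible in collector.links:
        shown_host = urlparse(visible).netloc if "://" in visible else ""
        if shown_host and shown_host != urlparse(href).netloc:
            flags["link_target_mismatch"] = True  # text says one site, link goes to another
    for match in IBAN_RE.finditer(body):
        candidate = re.sub(r"\s+", "", match.group(0))
        if not iban_is_valid(candidate):
            flags["invalid_iban"] = True
        elif known is not None and candidate != known["iban"]:
            flags["new_iban"] = True  # account differs from the inventory: verify by phone
    return flags


# Constructed sample: lookalike sender domain (capital I instead of l), link text
# that differs from its real target, pressure wording and a changed account number.
SAMPLE_EMAIL = """\
From: Acme Supplies <accounts@acme-suppIies.example>
To: finance@victim.example
Subject: URGENT: updated bank details for invoice 2024-117
Content-Type: text/html; charset=utf-8

<p>Dear Sam,</p>
<p>Please settle invoice 2024-117 today on our new account BE48 0011 2345 6727.
This is confidential, please do not share it with colleagues.</p>
<p>Portal: <a href="http://acme-suppiies-portal.example/login">https://portal.acme-supplies.example</a></p>
"""

if __name__ == "__main__":
    for check, hit in triage(SAMPLE_EMAIL).items():
        print(f"{'FLAG' if hit else ' ok '}  {check}")
```

A raised flag is a reason to stop and call the supplier on the number already in the inventory, not proof of fraud; a clean result is not proof of legitimacy either, since a valid checksum only means the IBAN is well formed, not that it belongs to the supplier.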
Social media and an organisation's website offer a wide customer reach. However, it is not always possible to fully control the audience that has access to the information and posts shared. Personal or confidential information should not be shared on those platforms, as it can be used for malicious purposes, such as identifying which collaborators work in the finance department and are therefore more likely to be able to make a transfer.
Accounts are the entrance door to an organisation's whole environment. They therefore need to be protected with strong passwords that are different for each account. A strong password has at least 12 characters and combines upper- and lower-case letters, numbers and symbols. In combination with a strong password, Multi-Factor Authentication (MFA) should be enabled wherever possible. MFA requires the user to present at least two factors of different kinds (e.g., a password plus a one-time code received by text message or generated by an authenticator app) before access to the resource is granted; two secrets of the same kind, such as a password and a PIN code, do not count as two factors.
1. Report the incident immediately to the person responsible for IT.
2. Warn your colleagues that they may receive a message from someone impersonating a specific client or supplier, and that they should not trust it.
3. Change every password that was disclosed (if any) on every account where it is used.
4. If the scam concerned bank details, immediately inform the person responsible for finance. If you notice that money has been taken from your bank account, file a complaint with the police.
5. If you are responsible for that bank account, call Card Stop on +32 78 170 170 and check your account statements. If you identify any suspicious activity, call your bank immediately so they can help you.
Always report scams that arrived by e-mail to the person responsible for IT and to the relevant national authority (suspicious@safeonweb.be (EN); suspect@safeonweb.be (FR); verdacht@safeonweb.be (NL/DE)), then delete the message.
The aim of this content is to share and raise awareness of good cyber security practice.
Some of this advice may apply differently depending on the context of your organisation.
Always comply with the policy and instructions in force in your organisation.
If in doubt, always ask your IT manager for advice first.