June 2023 Newsletter
When Criminals Call: Pretexting Attacks on the Rise
I am amazed at how brazen cyber criminals have become. Without getting into the whys of this, what you must know is that pretexting attacks have nearly doubled so far in 2023.
There are several forms of pretexting, including Business Email Compromise (BEC), where the criminal pretends to be a co-worker or client; text-based scams; and AI voice scams that use deepfake technology, which can sample a few seconds of a CEO’s voice from a video to create a fake but convincing telephone persona.
What makes these attacks different, and potentially more dangerous, is the direct communication between a criminal and your employee. The criminal has created trust and is directing the employee to take actions that lead to system compromise or outright theft. In some cases, banks are refusing to compensate victims of pretexting attacks on the grounds that victims knowingly shared information with the criminal who committed the theft. Their attitude is, “You should have known better.”
Put yourself in the shoes of a new employee who gets a call that sounds like the CEO on the phone, or an email claiming to be from IT with an urgent software update, or a major client requesting a large delivery to a new address. Standard anti-phishing and cyber security training may not work against a determined criminal armed with a convincing, fraudulent persona.
These new tactics are significant enough to warrant two main stories this month. Our feature on Pretexting Attacks discusses different scenarios and steps businesses must take to protect themselves, while AI Voice Scams Are Here: What Businesses Must Know offers practical advice on preventing the most sophisticated cyber attacks currently in use.
BREAKING: Multiple U.S. Government Agencies Compromised by MOVEit Exploit
Two entities operated by the U.S. Department of Energy joined the list of victims of a zero-day exploit in the MOVEit file transfer program, prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to issue an advisory directing all Federal agencies to immediately patch MOVEit software.
Any organization using this file-transfer service must ensure that the newest security patches are in place. Russian hacking group CL0P exploited a zero-day vulnerability in MOVEit systems beginning in May, allowing them to access servers that store data transferred via MOVEit. Johns Hopkins University, Putnam Investments, the University System of Georgia and petrochemical giant Shell Oil are among the organizations that have reported MOVEit-related data loss or been listed as targets by CL0P on its Dark Web platform.
According to CISA Director Jen Easterly, CL0P hackers have only been able, as far as CISA knows, to access and compromise data stored on MOVEit servers. This suggests that CL0P was not able to directly breach systems using data from MOVEit, but data stored on MOVEit could be used in future phishing and ransomware attacks, or sold on the Dark Web to identity thieves. Protect Now recommends that all users of MOVEit update all passwords and credentials that may have been exposed by this breach. Affected organizations should also consider enabling two-factor authentication if it is not already in place.
Stat of the Month
3,500,000
The estimated number of individuals who had their personal information stolen in Oregon as a result of the recent MOVEit attacks. Louisiana reported that anyone who holds a Louisiana-issued ID or car registration had their personal information stolen as well, adding millions more victims from this breach.
Given the widespread nature of the MOVEit data theft, anyone concerned about a compromise should move to freeze their credit, change passwords and closely monitor financial statements for any signs of fraud.
Get Our Free Cyber Security White Papers
As a thank-you to our email subscribers, we are happy to offer you the complete set of our cyber security white papers:
Cyber Crime Response Kit provides immediate step-by-step directions to follow in the event of a cyber attack to neutralize it.
Preparing Your Systems to Stop and Recover from Cyber Attacks offers guidance on hardening your systems and putting measures in place that will allow a quick recovery from ransomware attacks or system intrusions.
Decision-Making Framework is a guide to the personnel and protocols needed to prepare businesses for an immediate response to a cyber attack. Having a framework in place prior to an attack is critical to withstand an attack and its aftermath.
We have collected all three guides into a single PDF document that provides a complete roadmap business owners can use to protect systems, stop an attack in progress and restore operations after an attack. This guidance is valuable for all small- and mid-sized businesses; even if you have procedures and protocols in place, you may find additional things you need to consider. Click Here to download our full Cyber Crime Response Kit (PDF)
Fight Fraud with Procedures
Nearly every pretexting scam can be defeated by involving a second employee in the authorization process. Criminals create a sense of urgency in their targets; their requests must be handled immediately to prevent some significant harm from coming to a business, with the targeted employee taking the blame. Criminals may also attempt to sweet talk a targeted employee into doing them a favor, preying on an employee’s desire to be helpful.
Established business processes that require a second employee to authorize any unusual requests stop these attacks immediately. Put processes in place that require additional authorization for software downloads, financial activities or changes in orders and shipments, then communicate these processes to employees and clients. For example, a company can require 48-hour notice and written approval for any delivery changes. Fraudsters will back down if an employee cites business policies or refers them to someone else within a company. In the rare cases where a persistent scammer does not back down, the second set of eyes on the request should be enough to uncover the scam.
Start Training Employees on Day One with CSI E-Learning
Cyber security employee training should begin on every new employee’s first day on the job. This is critical if your business has been scammed in the past, as we have seen examples of criminals targeting the new employees of past fraud victims.
Our CSI Protection E-Learning program covers the same topics and tactics taught in our CSI Protection Certification seminars. Employees will learn how to recognize fraud, phishing and pretexting attacks and how to avoid compromising personal and business data. Employees can complete the program at their own pace, and the E-Learning modules are always available for them to review. Individual signups are just $99.00, and we offer a specialized program for real estate professionals.
There is some extra attention on the MOVEit attack this month for a reason: All that personal data is a goldmine for criminals who carry out pretexting attacks. If criminals have your company emails, employee names, locations and titles, or lists of your clients and contacts, they have everything they need to launch attacks. While the MOVEit breaches may not result in actual data loss for anyone affected, they are likely to fuel pretexting attacks for the next 12 months.
Most of us cannot imagine a criminal calling on the phone and demanding money, or calling and demanding free goods, but this is precisely how pretexting attacks work. Pretexters hope that a targeted employee will see nothing unusual about their scam. A second set of eyes on unusual activity and clear employee procedures will stop the majority of these attacks. For more sophisticated attacks employing AI voice fraud, employees must understand the risks and have the confidence to say, “No!” to what may seem like a legitimate request.
Criminals have become more creative and more aggressive in part because the old scams are not as effective as they once were. Employee training has made phishing and gift card scams much more difficult, forcing scammers to change their tactics. Employee training must change to keep pace with those new tactics.
Stay safe out there,
Robert & the Protect Now Team