Low Technology Cyber Attack
As we all celebrate the castigation of the famous Instagram star "Hushpuppi", we are reminded that the biggest cyber-crime threat has almost nothing to do with technology. It is all to do with manipulating people rather than machines. Relentless ransomware attacks, with cyber criminals encrypting networks and demanding vast sums for decryption, or a sneaky malware attack that lets hackers hide inside the network for months on end, stealing everything from usernames and passwords to bank details, are all over the media, on screen and in print. These are awful attacks to experience and do cause terrible damage to individuals and institutions.
There is, though, a more serious and simpler form of cybercrime that makes scammers the most money by far, and it does not get mentioned enough. According to the FBI, Business Email Compromise (BEC) attacks are costing $40 billion and counting, with attacks reported in at least 170 countries spread across the globe. The adage that we are a "global village" comes to mind, but not for what it was intended. We have the internet to thank for that, a double-edged sword where one edge is very blunt indeed.
At the most basic level, all scammers need to do is find out who the boss of a company is and set up a spoofed, fake email address. From here, they send a request to an employee saying they need a financial transaction to be carried out quickly – and quietly.
It's an extremely basic social-engineering attack, but often, it works. An employee keen to do as their boss demands could be quick to approve the transfer, which could be tens of thousands of dollars or more – particularly if they think they'll be chastised for delaying an important transaction.
In more advanced cases, the attackers will break into the email of a colleague, your boss, or a client and use their actual email address to request a transfer. Not only are staff more inclined to believe something that really does come from the account of someone they know, but scammers can also watch inboxes, wait for a real financial transaction to be requested, then send an email from the hacked account that contains their own bank details.
By the time the victim realizes something is wrong, the scammers have made off with the money and are long gone.
What's most challenging about BEC attacks is that while it's a cybercrime that is based around abusing technology, there's extraordinarily little that technology or software can do to help stop attacks because it's fundamentally a human issue.
Anti-virus software and a good email spam filter can prevent emails containing malicious links or malware from arriving in your inbox. But if a legitimate hacked account is being used to send out requests to victims using messages in emails, that's a problem – because as far as the software is concerned, there's nothing nefarious to detect, and it's just another email from your boss or your colleague.
And the money isn't stolen by clicking a link or using malware to drain an account – it's transferred by the victim to an account they've been told is legitimate. No wonder it's so hard for people to realize they're making a mistake.
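The limit described above, as an added example that is not part of the original article: a header check flags a spoofed address using the boss's name, but returns nothing for a message sent from the boss's real, compromised account. The organisation domain, the executive directory and both messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed directory data for the example (constructed, not from the article).
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe": "jane.doe@example.com"}

# Constructed sample 1: boss's name on an address the attacker registered.
SPOOFED = (
    "From: Jane Doe <jane.doe@example-corp.test>\n"
    "Reply-To: jd.office@mailbox.test\n"
    "Subject: Urgent transfer\n\n"
    "Please process this payment today and keep it quiet.\n"
)

# Constructed sample 2: sent from the boss's real mailbox after a takeover.
COMPROMISED = (
    "From: Jane Doe <jane.doe@example.com>\n"
    "Subject: Updated bank details\n\n"
    "Please use the new account for this invoice.\n"
)

def header_flags(raw):
    """Return the header-level BEC indicators found in one raw message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    flags = []
    # Display name claims to be an executive, but the address is not theirs.
    known = EXECUTIVES.get(" ".join(name.lower().split()))
    if known and addr != known:
        flags.append("executive-name-mismatch")
    # Replies are steered to a different domain than the sender's.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.lower().rpartition("@")[2] != domain:
        flags.append("reply-to-domain-mismatch")
    # An internal person's name arriving from outside the organisation.
    if known and domain != ORG_DOMAIN:
        flags.append("external-sender")
    return flags

if __name__ == "__main__":
    print("spoofed:    ", header_flags(SPOOFED))
    print("compromised:", header_flags(COMPROMISED))
```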