I am far from an Internet hacker alarmist, but I am extraordinarily paranoid when it comes to working online. And this is for good reason, as I work closely with small businesses and their cloud IT, and anyone that thinks that their business is too small for the hackers to go after them simply hasn’t been hit yet. Or maybe they have, and they just don’t know it. The bad guys are getting smarter and cleverer every day, so we must be ever vigilant.
As initially stated, I’m not an alarmist. But recently I saw a newish type of attack on businesses that has to do with money wire transfers. It’s a social engineering stunt that has taking many businesses by surprise, and it has cost them plenty.
The success of the attack centers on it coming from a company or contact that you have dealt with for years. This trusted company will be the vehicle for stealing your money because their email has been hacked.
Once a hacker has control of a company’s email, they may sit on it for many months, collecting and gathering intelligence. The hacker has nothing to do all day but read the emails coming and going from this other trusted business that you know and love. At the right time it will inject itself to request a payment or catch a wire transfer using the other company’s hacked email.
Another very important aspect of this is that people don’t like to use voice calls anymore, so everything gets done via email. Everyone is so busy. No one wants to call and hear how someone’s precious little cat was sick all week and how they had to spoon feed it throughout the night. They just want quick emails to get jobs done. Talking to people can be such a waste of so much time.
But phone calls are a great out-of-band verification method, so they aren’t always a waste of time. Just as one might use their telephone device to provide another method of proof of identity, an actual telephone call to a human being may still be among the best forms of authentication for some activities.
NOOBEH cloud service teams understand that business security and information protection is hugely important to our customers. This is why we use only modern operating systems and platforms, implement security policies and processes to ensure the highest level of confidentiality and protection, and keep an eye out for evolving threats and methods of attack.
Mike, the IT guy
NOOBEH cloud tech