Here at BH Consulting we have become aware of a number of attacks, known as CEO attacks, Invoice Redirection Fraud, or Business Email Compromise (BEC), against Irish businesses. A number of these attacks have resulted in financial loss for the victim companies. The Central Bank of Ireland is one example, which Lee covered in an earlier post. Ubiquiti Networks, a US-based network technology multinational, reported that it fell victim to such an attack and lost over $39 million as a result. IRISSCERT, Ireland’s first Computer Emergency Response Team, also reported at its annual Cybercrime Conference in November that it had witnessed a large number of CEO Fraud attacks.
The premise of the attack is that the criminals impersonate the CEO, or another senior manager, in an organisation (note that some attacks impersonate a supplier to the targeted company). The criminals may do this either by hijacking the CEO's email account or by setting up fake email accounts to impersonate the CEO. The criminals then send an email, appearing to come from the CEO, to an individual within the company who has access to the company’s financial systems. The email requests that a payment be made to a new supplier, into a bank account under the control of the criminals. Alternatively, the email may claim that the banking details for an existing supplier have changed and request that payments be made into a new bank account under the control of the criminals.
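The two impersonation routes described above leave different traces, which the following added example (not BH Consulting's own code) checks for: a fake account shows up in the headers, while a hijacked account has genuine headers and can only be caught by the content of the request. The company domain, executive name, keyword list and sample messages are assumptions constructed for illustration.

```python
import email
from email.utils import parseaddr

# Assumed values for illustration; replace with your own.
COMPANY_DOMAIN = "example.ie"
EXECUTIVES = {"mary murphy"}  # display names of senior managers
CHANGE_TERMS = ("bank details", "banking details", "new account",
                "new bank account", "new supplier")

def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def _body(msg):
    # Plain-text parts only, no transfer-decoding; whitespace is normalised.
    parts = msg.walk() if msg.is_multipart() else [msg]
    text = " ".join(p.get_payload() for p in parts
                    if p.get_content_type() == "text/plain")
    return " ".join(text.lower().split())

def bec_indicators(raw):
    """Return reasons to hold a message for out-of-band verification."""
    msg = email.message_from_string(raw)
    name, sender = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    reasons = []
    # Fake account: an executive's name on an address outside the company.
    if name.strip().lower() in EXECUTIVES and _domain(sender) != COMPANY_DOMAIN:
        reasons.append("executive display name on external address")
    # Replies diverted to a different domain than the visible sender.
    if reply_to and _domain(reply_to) != _domain(sender):
        reasons.append("Reply-To domain differs from From domain")
    # Hijacked account: headers are genuine, so check the request itself.
    if any(term in _body(msg) for term in CHANGE_TERMS):
        reasons.append("requests new payee or changed bank details")
    return reasons

# Constructed sample messages (not real traffic).
SPOOFED = ("From: Mary Murphy <mary.murphy@examp1e-ie.test>\n"
           "Reply-To: mm.office@mailbox.test\nSubject: Urgent payment\n\n"
           "Our supplier has changed bank details. Pay the new account today.\n")
HIJACKED = ("From: Mary Murphy <mary.murphy@example.ie>\n"
            "Subject: Supplier update\n\n"
            "Please set up a new supplier and pay the attached invoice.\n")
BENIGN = ("From: Mary Murphy <mary.murphy@example.ie>\n"
          "Subject: Meeting\n\nCan we move Thursday's meeting to 3pm?\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("hijacked", HIJACKED), ("benign", BENIGN)):
        print(label, bec_indicators(raw))
```

A match is a reason to confirm the request through a separate, already-known channel before any payment is made, not proof of fraud.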
We recommend that companies take the following steps to avoid becoming a victim of this scam:
If your company falls victim to such a scam, you should first report the issue to your financial institution and then report it to An Garda Síochána.