This week, the Washington Post reported a fascinating story on how “organized cyber-gangs in Eastern Europe are increasingly preying on small and mid-size companies in the United States.” They appear to be targeting small businesses for the simple reason that they are easier nuts to crack than large financial institutions.
Think about it for a minute and this makes perfect sense. Many of my clients frequently ask “why would anyone come after me? I don’t have anything anyone would want.” If you’ve ever watched a good heist movie (Ocean’s 11, the Italian Job, Heat, Heist, etc.) you can get an idea of what a massive “bank job” entails (at least, in Hollywood). That having been said, it’s a lot easier to simply forge an email to someone within a company using a tactic known as “spear phishing,” where the sender fools the recipient into divulging information in some way. The Post continues:
… the scammers … send a targeted e-mail to the company’s controller or treasurer, a message that contains either a virus-laden attachment or a link that — when opened — surreptitiously installs malicious software designed to steal passwords. … the crooks then initiate a series of wire transfers, usually in increments of less than $10,000 to avoid banks’ anti-money-laundering reporting requirements.
While laws protect consumers from fraudulent charges on their credit cards, similar legislation does not protect bank accounts, and generally, once the money’s gone, it’s gone, as is illustrated in this paragraph from the article:
In February, fraudsters struck JM Test Systems, an electronics calibration company in Baton Rouge. According to … the company’s controller… an unauthorized wire transfer of $45,640 was sent from JM Test’s account to a bank in Russia. … [JM Test] was able to recover just $7,200 of the stolen money…
All small businesses should ensure that everyone with access to any sort of financial information on their computers or online has gone through basic “safe browsing” and social engineering awareness training, so that they do not accidentally give away the keys to the kingdom.