Recently, two Finnish companies have come forward and admitted that they have fallen victim to cyber fraud. Similar cases are common elsewhere in the world as well. In these cases, the perpetrators used identity theft and other fraudulent means to trick the companies into paying considerable sums.
As the summer holidays are approaching, companies should once again pay attention to the handling of payments.
CEO fraud scams have been increasing in volume and variety for several years. Especially during vacation periods, cyber criminals take advantage of offices being staffed by temporary workers, when the probability of a successful scam is higher than usual.
These so-called CEO fraud scams are a form of cyber crime. The criminals gather information about the company and its executives and approach the people responsible for making payments with a fake e-mail requesting an urgent or exceptional payment. The e-mail is often signed in the CEO's name and looks convincingly genuine.
“In some cases, a CEO scam is related to a data security breach. This makes the scam very challenging for the person who is targeted, as the data security breach has given the criminal access to the organization’s data systems, where they can learn about organizational finances or, for example, future acquisitions. These scams differ from typical payment scams as they are more sophisticated and the sums paid can be very large”, Nixu’s leading information security expert Antti Nuopponen explains.
An organization can do a lot to prevent scams. The organization’s own pre-planned and established processes play a key role in stopping cyber attacks. Education and training on information security matters for all staff can stop an attack or at least reduce the probability of it being successful.
In addition to this, constant vigilance is required of all staff. The following tips will go a long way:
- Always use the processes and practices for approving and handling payments that your company has agreed on, also in exceptional situations and when you are in a hurry.
- Never make a payment requested in an e-mail without checking that the message and reason for payment are genuine. Check the contact information provided in the e-mail against other sources and call the sender through the switchboard, not on the number mentioned in the e-mail.
- Never disclose information about the technology your company uses over the phone and never give your personal passwords or usernames to anyone.