Cyber-criminals are hiding in your inbox

2017 was dubbed the ‘year of Ransomware’ as thousands of organisations across the globe were hit by these malicious attacks that hold businesses to ransom; in some cases, the cost of the attacks reached into the millions. As cyber-attacks continue to develop in size, hackers are also evolving in their cunning approaches and the use of social engineering is powering the momentum.

Sophisticated and unceasing hacks, attacks and breaches have managed to disrupt and damage organisations small and large. Perhaps most worryingly is the trend in healthcare sector – attacks that prove hackers don’t discriminate. As we can see from the Ransomware WannaCry attack on the NHS in 2017, disrupting an organisation that takes care of the vulnerable is seen as a big payday, proving no business is safe. 

It’s important to recognise that although many cyber-attacks are automated, as Ransomware-as-a Service is on the rise, hackers still look to get their hands dirty if it means a payout. In a recent would-be breach, we saw how hackers trying to use social engineering to target people within organisations who have the ability to transfer money. This isn’t new to the world of cyber security, however it’s something everyone within an organisation should be aware of.

The hackers who lie in wait

Recently we came across an example of a potential breach from a hacker who was monitoring an email inbox. This occurred between an organisation and a trusted well-known supplier.

In an attempt to extort money from the business, a hacker was intently watching and monitoring the email inbox of an individual within the organisation. Specifically, the hacker was reading an email conversation taking place between the individual at the company and their supplier. The hacker was looking to find a way to interject into the email chain at just the right moment – requesting payment and providing the supplier’s ‘new bank account details’.

Thankfully the individual, receiving this out-of-the-blue email, questioned this request for payment. Why? It could be the wording of the request…

“Give us the moneys in the bank” – or wording of that nature.

Not exactly the usual language our potential victim was used to reading from a trusted supplier. Naturally, questions were raised. Why did the wording/language change? Why all of a sudden, mid-conversation, was a request for payment made? Why wasn’t the change of bank account mentioned in an earlier telephone conversation?

Luckily the individual in this case didn’t proceed to authorise funds to an unknown account. Instead, they flagged the email with the supplier over the phone – questioning its authenticity.

Not only was it discovered that the hackers had been lying in wait watching the conversation unfold, they had been moving emails from the real customer to the archive section of the individual’s email inbox in an attempt to conceal the actual emails the customer had been sending to their supplier.

Cyber-smart employee 1 – hacker 0

What let the hacker down after all of their cunning and hard work? Undoubtedly the language used, coupled with the bad use of grammar and spelling was the first red flag. Shortly followed by logic and intuition that questioned the reason for a sudden bank account change and request for money.

Don’t let hackers know you’re onto them

It’s important that if an email such as the one in the above example is received, that the conversation is moved offline. This way you’re able to clarify if it is a breach and hackers are present, but it also means that your IT provider has a better chance of understanding the hacker’s movements and how to block them out.

What is social engineering?

Social engineering in information security terms is deceiving someone into handing over either valuable or critical data such as credentials or directly transferring money.

In this case hackers were impersonating the supplier in an attempt to manipulate the individual to transfer funds.

What’s next?

This story was undoubtedly a success for the organisation in question; its employee was aware, vigilant and proactive.

Improving cyber security awareness for most organisations is undoubtedly a challenge. Cyber security training solutions such as Sophos Phish Threat can simulate email phishing attacks with fake ‘malicious links’ in place. If staff click the link they are taken to a training page that makes them aware of the impact of email threats and offers training to improve their awareness and understanding.

If you’d like to learn more about Ransomware you can take a look at our infographic.

Read more about Sophos Phish Threat.