man in the middle attack fraud cybersecurity

Man-In-The-Middle Attacks Morph to Include Wire Fraud

When we think of man in the middle attacks, we think of rogue hackers setting up access points in restaurants and coffee shops to intercept the signals of innocent patrons reading emails, online shopping, and checking social media. But the concept allows for more high-end corporate fraud than some might have thought possible.

Cyber-Security Challenge

cybersecurity training prilock security awareness protect identity phish cyber attack fraud

The most challenging aspect of working in cyber-security is keeping up with cyber-criminals, and actively anticipating their next steps. It’s next to impossible to do since they are free to lie, cheat, steal, and impersonate anyone to get what they want. So, we find ourselves in a constant whack a mole paradigm, always one step behind the criminals reacting to their latest schemes.

Hack Attack

cybersecurity training prilock security awareness protect identity phish cyber attack fraud hacker

Since hackers pivoted to attacking employees rather than networks for initial penetration, their arsenal has become even harder to thwart. Every employee is burdened with a common defect when it comes to being conned…. They are all human. They give the hackers a plethora of tools to use against them. They’re in a hurry, trusting, friendly, want to help, respond to flattery and kindness, unsuspecting, empathetic, considerate, and lazy. They predictably respond to messages of fear, reward, ego, and compassion. Now hackers combine that psychology with personal information harvested freely from work and social sites, and a multitude of communication channels such as online chat support, emails, phone calls, and even text messages to reach them 24/7.

Robinson Cole’s Data Privacy + Security Insider

cybersecurity prilock robinson cole

Robinson Cole’s Data Privacy + Security Insider article, Protecting Against Wire Fraud and Man in the Middle Schemes shows (below) a new way hackers are using man in the middle attacks to steal large amounts of money from unsuspecting companies with the help of their employees:

Protecting Against Wire Fraud and Man in the Middle Schemes

The scammers continue to find easy ways to dupe unsuspecting businesses into sending information or money to them. It used to be that we had to address vast fraud schemes with phishing emails requesting the W-2s of employees. That is child’s play now as most companies are aware of the scheme and don’t fall victim to it.

cybersecurity training prilock security awareness protect identity phish cyber attack wire fraud

Similarly, in the past year, we have seen a dramatic increase in wire fraud and man in the middle schemes. These schemes usually start with a sophisticated phishing email that an employee clicks that looks like it is from a trusted vendor, who has spoofed the signature line of the vendor and asks the employee to pay the outstanding invoice.

During the email trail, which can go back and forth on multiple occasions, the intruder will tell the employee that when they pay the outstanding invoice, the vendor has changed its bank account and wiring instructions, or is switching from the old paper check system to ECH and to use the wiring instructions in the email.

cybersecurity training prilock security awareness protect identity phish cyber attack fraud

The money is wired per the email instructions to a legitimate bank in another state (that the hacker has opened online with someone else’s identity) and by the time the company finds out, the account has been drained. Sometimes the account can be frozen (usually within three days), but it is rare that the company knows in time to notify the bank and request that the account be frozen.

In this day and age, wiring instructions provided by email should never be trusted. If anyone requests payment to a new bank account or through ECH, major red flags should go up. Any requests should be confirmed in another way to properly authenticate the request, such as a telephone call to a known contact.

cybersecurity training prilock security awareness protect identity phish cyber attack fraud

The hackers spoof the signature line of a known contact and put their own email and telephone number in the signature line, so when the employee calls to authenticate the instructions, the hacker is on the other end of the line. Those checking authentication should not email the hacker back through the existing email chain, but should start a new chain to the trusted contact, and not call the telephone number in the signature line, but the telephone number that the employee looks up separately in existing contacts or on the company’s website.

You all know that my mantra these days is for employees to be “wicked paranoid.” Those handling wires in your company should be aware of these schemes, be educated about them to be prepared for them and be wicked paranoid.

Freedman, L. F. (2019). Protecting against wire fraud and man in the middle schemes. Robinson+Cole: Data Privacy+Security Insider.

  • 3
  •  
  •  
  •  
  •  
  •  
    3
    Shares