Fake Identity Fraud: Protection through Awareness
by Götz Schartner, CEO, 8com
In the last few months, two types of social engineering attacks have been causing concern among executives of global corporations, banks and government agencies. Criminals posing as CEOs, presidents and contractors have managed to persuade employees to transfer funds to their bank accounts, leading to damages of around EUR3m in the first half of 2016 in Germany alone. How can companies protect themselves against social engineers out for their money? 8com’s experience has shown that information security awareness is the key.
After news broke in August of 2016 that Leoni AG, one of the world’s leading wire and cable manufacturers, had been swindled out of EUR40m by a social engineer using nothing but email, the company’s stock dropped almost 7%. How could this have happened? A two-week investigation by law enforcement and the company itself revealed that a young woman working in the finance department of Leoni’s factory in Bistrita, Romania, received an email, seemingly from senior German executives. She believed the email to be a genuine request to transfer EUR40m out of the company’s bank account. According to unconfirmed reports, the money was switched into accounts in the Czech Republic.
This case of CEO fraud, also known as fake president fraud, reveals the problems and challenges facing companies when it comes to social engineering attacks. Unlike conventional hacking attacks, criminals don’t rely upon malicious software to infect computer networks. This makes conventional protection, like firewalls and antivirus software, ineffective. The social engineer’s target is the human operating system. In order to develop strategies to deal with fake identity fraud, one must take a closer look at the methods used by social engineers.