Did you know that paying a ransom to a cybercriminal, even if you do so in Bitcoin, could lead to a sanctions’ violation? That’s right, treasurers now have even more to think about – and get involved in – when it comes to cybercrime. Here, we examine the latest threats treasurers need to keep abreast of and ask industry experts what treasurers can do to ensure their systems and data remain protected.
Picture the scene: your CFO is on her way from the head office in London to an important meeting in New York. Everyone in the treasury team knows she’s travelling today. She’s just about to board her flight when treasury receives an email from her saying that an urgent payment needs to be processed before she leaves the country. She phones one of the treasury team too – just after the email has hit their inbox, but the line is bad, and she needs to switch off her phone before take-off, so she doesn’t have much time to explain. Nevertheless, the message is clear: the payment needs to be made now.
Of course, you guessed it, in actual fact, the email wasn’t coming from the CFO. It was a cybercriminal sending an email from her address – having compromised the company’s systems several months previously. With access to all of the CFO’s emails and her calendar, the fraudster had learnt how to communicate just like her and knew precisely when she was going to be getting on a plane to New York (the only true part of this whole scenario). No, the phone call wasn’t from her either; it was the fraudster spoofing her number, calling with a supposedly poor connection to help disguise their voice.