several cups of coffee, for example. The average employee will hold the door open for them – but that could be a big mistake. Sometimes security has to take precedence over politeness.

Determined hackers won’t just call at the front door – they’ll also call you on the phone. Exactly what this involves varies depending on their motives, but often phone scams will involve attackers impersonating C-level executives, your IT team or even your customers. Phone-based social engineering can range from a single call to a long campaign over months where the attacker builds a relationship with their victim. The outcome could involve a large fraudulent payment, passwords being handed over or further attacks. Be wary of suspicious questions and callers who cannot supply even basic information about themselves and their roles in the company. And be careful what you give out – even small, seemingly innocuous bits of information can be pieced together to build a convincing story for a bigger, more costly social engineering scam.

Cyber criminals are aware that behind every professional is a personal life, and they’ll seek to exploit this. A common ploy is to create a fake account with an attractive profile picture and send a message or friend request to their victim on Facebook or LinkedIn. If the plan works – and you might be surprised how many senior executives fall for this – the scammer can gather personal information from the victim’s account (including potential clues to their passwords and security question answers), send them malicious files that download and install malware, or gain their trust and extract personal information directly. Preventing this is quite simple: never add anybody you do not know in real life on social media, and even when adding someone you know, be sure to verify that the account is genuine. You never know who is lurking on the other side of the screen.

For all of the more complex tactics listed above, however, the oldest trick in the book often works the best. If an attacker knows where the target company’s office is – and that’s easy enough to find out – it is not difficult to locate the nearest pub to stake out. After a few drinks even the most conscientious employee can let their guard drop. Conversations about company projects, the business hierarchy and personal grievances could all reveal sensitive information – or worse, if a worker is complaining about their job they could highlight themselves as a target to recruit for an insider attack. This is one of the most difficult vulnerabilities to defend against, but as with any threat, it is important to ensure employees know exactly what is at stake and how useful even the smallest bit of information could be to an attacker.
C-SUITE IMPERSONATORS TARGET EMPLOYEES
It’s 4:57pm and you receive an email. It’s the company’s chief executive, asking you to authorise a payment for a deal that has just been signed with a new supplier. This is urgent, he explains. It has to be done before you leave – it cannot wait until tomorrow. What do you do? There is a 90% chance you will send the money without asking questions, according to a study by The Email Laundry. That is what makes CEO fraud so attractive to cyber criminals. These scams – which can also be operated through calls or text messages – require extensive research. Everything from names and job titles to email signatures and company jargon must be perfect to convince workers they are really speaking to their superiors. But it is worth it for the perpetrators – the FBI says CEO fraud cost US firms $2.3 billion (£1.8 billion) between 2013 and 2016.

It can be difficult for employees to challenge authority figures, but businesses are advised to train their staff to ask the difficult questions, confirming transfer requests in person or on a phone call to verify the identity of the sender. Limiting the amount of company and personal information available online can also hinder scammers’ efforts to build a convincing backstory. However, it’s not just employees further down the company hierarchy who need to watch out, as members of the C-suite are also falling victim to cleverly constructed cyber scams. In one reported incident, a cyber crime gang created a convincing online persona for an attractive woman and chatted with an executive for more than a month to gain his trust. ‘Mia’ then sent the employee what she claimed was a survey to complete. In fact, the attached Excel document was specially crafted to install malware designed to steal company secrets.

Our personal lives are more intertwined with the online world than ever before, but one piece of advice from the 1990s still holds true: always be suspicious of people you meet online.

MATT SMITH

14 DIRECTOR OF FINANCE
dofonline.co.uk