January 22nd 2019

The popularity of phishing among cyber criminals is unabated: be prepared

In the last quarter of 2018, news items about phishing were again everywhere. Articles or other items on this tenacious form of cyber fraud and its often-frustrating consequences appeared almost daily. Most striking was the Pathé incident – leading to a 19-million-euro loss – but consumers are targeted and victimized incessantly.

This means that for both organizations and consumers phishing is still a risk to reckon with. Hackers know that the most effective way to gain information is to simply ask for it.

CEO-fraud at Pathé

Phishing is not the same as hacking. This form of internet fraud involves criminals using tricks and other creative methods – such as phone calls, fake emails and other types of social engineering – to try to tempt you into providing information or agreeing to financial transactions.

The latter happened at cinema chain Pathé, when a series of emails with requests for money cost the firm 19 million euro. Over several weeks, both the general manager and financial manager were bombarded with requests, apparently from the board of the French headquarters. The emails said that they needed money urgently to finance ‘a secret takeover of a company in Dubai’. In the beginning, they asked for 800.000 to advance the negotiations, and then the figures grew, for ‘Communication and development’, etc. Eventually, a total amount of 19.244.304 euro was transferred before the French board started asking questions. Obviously, the money was long gone by then.

It is crucial that each and every organization takes sufficient measures to protect itself against this form of fraud, because some companies receive similar requests for money on a weekly basis. An indispensable fail-safe is the implementation of standard procedures and regulations, making sure that no money is transferred to unknown bank accounts without performing elaborate fraud prevention checks. This way, fraud involving altered supplier invoices or changed employee bank accounts can be halted.

Financial fraud among consumers

CEO fraud, as in the Pathé case, is only one type of fraud, but 80 to 90 percent of all cyber-attacks on companies still start with phishing. Also, the number of times that individual consumers are approached has increased after a few years of decline. This was stated by the police and the four major banks, ING, ABN Amro, Rabobank and SNS.

Earlier, the Dutch Banking Association reported that the damage due to fraud around online banking more than doubled in the first half of the year, from 679.000 euro in the second half of 2017, to 1.56 million euro in July 2018. Ready-made phishing toolkits make it very easy for criminals to send phishing mails. On top of this, con men appear to be getting increasingly creative, for example by referring to current affairs and world events.

Recently, the Fraud helpdesk reported on phishing emails sent in the name of Rabobank (‘click to apply for a new card’) and ING (‘the encryption of your ING mobile will expire’), but also in the name of companies like Bol.com, KPN and Videoland.

The fact that no one is safe from this abuse of the names of companies and organizations was painfully proven by the Data Protection Authority, when it published a warning on its website about letters that had been sent out by fraudsters under its name. The official supervisor of our privacy is being used by scammers who send out harmful fake letters to entrepreneurs. In the letter, they pretend to be employed by the supervisor and ask for a company visit. On top of this, they intimidate the entrepreneurs with towering fines and offer a worthless GDPR scan at the highest price.

Social engineering

Phishing through email is still at the top of the list, as the number of digital fraud attempts keeps growing. Moreover, the attempts are increasingly advanced. The emails are not only sent to very large groups of potential victims, but are often even personalized.

Hackers, for example, study your social media to find out what interests you, or how they can reach you. Fraudsters pose as familiar institutions, like your bank or LinkedIn, or as a client or contact from your network, as in the Pathé case. Via fake emails they try to get hold of your password, credit card data or other confidential information, or even initiate a financial transaction.

Phishing simulation Awareways

Are you interested in the click behavior of your employees and looking for a concrete method to arm them against the threats of phishing? Awareways' methods go beyond click behavior. We excel in behavioral change. That moment where you decide to click or not to click is where our job begins. We use our own phishing simulation software to continuously and proactively train employees. Go to Awareways.com/phishing and ask what we can do for you.

Contact us for more information and references.