MRSC – Cybercrime: A Hard Lesson
April 22, 2021
We often hear about the threats posed by cyber criminals and even read about instances where local governments become victims of cybercrime. Cyber criminals have used the COVID-19 pandemic to their advantage, and it is important to be cognizant of these threats and how to avoid them. This blog post looks at precautions a local government can take to counter a specific type of scam perpetrated by cyber criminals: vendor fraud.
A Cautionary Tale
Recently, a local government, Agency A, fell victim to cyber criminals and sent $200,000 to an overseas bank account. How did it happen?
A few months before the fraud took place, hackers were able to access two administrative employee email accounts for Agency A. The cyber criminals monitored these email accounts and became aware that a large payment was coming due. By hacking into Agency A’s cloud-based email system, the hackers pretended to be administrative staff and sent emails to the accounts payable staff, asking them to update the vendor’s banking information to a new account and claiming the vendor had recently switched banks. The hackers were also able to keep the administrators from discovering these fraudulent emails had been sent. As a result, accounts payable staff entered the new fraudulent banking information and sent the money to the new (overseas) account.
Suggested Precautions to Help Identify Fraudulent Activity
There were several precautions that could have been taken to avoid the scam perpetrated by the hackers, including assessing organizational strength, creating new internal procedures, and training staff to look for specific signs of fraud.
Assess your organization’s cyber-security
One easy and cheap way to tighten an organization’s security is to require a two-step authentication process for access to email accounts. Because Office 365 is in the cloud, its sign-in is reachable from anywhere on the internet, which makes it easier for cyber criminals to attempt to gain access to organizational email. Implementing a two-step authentication process makes cloud-based email accounts harder to hack. In this instance, Agency A was using Office 365 but did not have two-step authentication enabled.
Since cyber criminals frequently operate out of foreign countries, another good defense is to install cyber-security software that can detect sign-ins from foreign IP addresses and alert IT staff when these are detected. Agency A did not have this type of software; had it been in place, it likely would have identified the suspicious activity.
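The two controls above (a second factor on email sign-in and alerting on sign-ins from unexpected countries) can be checked against sign-in records. The following is an added example, not code from MRSC or from Agency A; the record format, the account names and the sample sign-ins are constructed for illustration and do not match any real Office 365 export.

```python
import csv
import io

# Constructed sample sign-in records (assumption: a simple CSV with the
# columns below; this is NOT the real Office 365 sign-in log format).
SAMPLE_SIGNINS = """\
timestamp,user,ip,country,mfa
2021-01-04T08:02:11Z,admin1@agency-a.example,198.51.100.10,US,no
2021-01-04T23:41:07Z,admin1@agency-a.example,203.0.113.55,NG,no
2021-01-05T02:15:44Z,admin2@agency-a.example,203.0.113.56,NG,no
2021-01-05T09:00:03Z,ap.clerk@agency-a.example,198.51.100.12,US,yes
2021-01-06T14:30:27Z,ap.clerk@agency-a.example,192.0.2.77,CA,yes
"""

# Countries from which staff are expected to sign in (assumed for the example).
EXPECTED_COUNTRIES = {"US"}


def parse_signins(text):
    """Parse the CSV text into a list of dicts, one per sign-in."""
    return list(csv.DictReader(io.StringIO(text)))


def foreign_signins(records, expected_countries=EXPECTED_COUNTRIES):
    """Sign-ins whose source country is outside the expected set."""
    return [r for r in records if r["country"] not in expected_countries]


def accounts_without_second_factor(records):
    """Accounts that completed at least one sign-in with no second factor."""
    return sorted({r["user"] for r in records if r["mfa"].lower() != "yes"})


def build_alerts(records, expected_countries=EXPECTED_COUNTRIES):
    """One alert per foreign sign-in; severity is raised when the account
    is also signing in without a second factor, the combination that let
    the compromised Agency A accounts be used undetected."""
    no_mfa = set(accounts_without_second_factor(records))
    alerts = []
    for r in foreign_signins(records, expected_countries):
        severity = "high" if r["user"] in no_mfa else "medium"
        alerts.append((r["timestamp"], r["user"], r["ip"], r["country"], severity))
    return alerts


if __name__ == "__main__":
    for alert in build_alerts(parse_signins(SAMPLE_SIGNINS)):
        print("ALERT", *alert)
```

Run against real exports, the same two checks would be wired to the mail system's sign-in log and to the IT staff's alerting channel rather than printed.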
Watch for incorrect domain names
Typically, phishing emails can be identified by an incorrect sender domain name. For example, instead of elowell@mrsc.org, the email address would read something like elowell247@gmail.com. Unfortunately for Agency A, the hackers had access to high-level employee accounts, so the emails appeared to come from administrative staff. Still, there are other ways to identify phishing scams, some of which are discussed below, and staff can be trained to look for these warning signs.
Scrutinize the writing in the email for grammatical/spelling errors
Many phishing emails contain misspellings and grammatical errors. In Agency A’s case, the emails did not have glaring errors, but there were instances where “I” was lowercase, and the few grammatical errors present were ones the administrator would not normally make. Additionally, the fraudulent emails were written in a different voice than what would have been expected from the administrator. If a staff member has a difficult time matching the “voice” of the email to the sender, they should be trained to follow up directly (by phone or in person) with the sender.
Be wary of last-minute requests and a…