Within 6 days of each other, two large European companies suffered a combined loss of €120 million, roughly $184 million Canadian. I bet you’re wondering how?
On January 19, 2016, Austrian aerospace component manufacturers FACC AG, reported an outflow of €50 million (approx. $77 million CAD), that was fraudulently acquired through a cyber-attack directed at their accounting department. The company is reporting it as an external attack and that it “did not affect its IT infrastructure, data security or intellectual property rights.”
On January 25 2016, Belgian bank Crelan, announced that it had also been a victim of a cyber-attack, a fraud campaign that lost the company €70 million (approx. $107 million CAD). No clients were affected and internal security auditors and law enforcement authorities were immediately contacted. Though the company has not confirmed it, Belgian newspapers are claiming the fraud is being judicially recognized as a Business Email Compromise (BEC) or a Whaling Attack.
BECs or Whaling Attacks, are a form of phishing attack that specifically targets senior executives, particularly at the C-level; CEOs, CFOs etc. While the goal of whaling is the same as phishing, during a whaling attack, the invader is using a highly customized email that looks and sounds like a trusted source, created specifically to target someone in an executive role. These are often harder to detect as they are such a focused attack. (And if you’re not sure what phishing is you should probably check out our blog about phishing here.)
The best way to prevent these attacks, is actually quite simple … security awareness training. As we have previous blogged, an untrained employee is your biggest security threat. At the World Economic Forum in Davos, Switzerland, Deutsche Bank co-CEO John Cryan told reporters that the risk of cyber-crimes is the biggest concern in 2016. Getting this training in will be vital to the safety of your organization, because whether a cyber-attack is directed at data theft or monetary theft, the best offense is a good defense!
Connect with Secure Sense to protect data, your network, and systems 24/7, 365 days a year. If you have questions or want to learn more, please contact Secure Sense by calling 866-999-7506. Please connect with Secure Sense on LinkedIn, follow us on Twitter @Securesense current company and industry news.