In a recent announcement, the Toronto Police Service warned businesses about email fraud and explained how to protect your organization.
In the announcement, the Toronto Police Service is making investment firms and other businesses aware of an alarming increase in cyber criminals using hacking techniques better known as ‘Email Compromise Fraud’ to hit organizations with significant financial loss, reputational damage, downtime, and lost productivity.
Cyber criminals are conducting email fraud using the following methods:
Cyber Attack Method 1 – Email Impersonation
- The cyber criminals will hack into a trusted supplier or legitimate client email system.
- The hackers will send a fraudulent email to a target company with a statement of money owing.
- The cyber criminals will then instruct the targeted organization to make a payment or wire money to a different bank account.
- The hacker will give a strange reason for the financial account change.
- The cyber criminals are relying on the employee believing the email is legitimate, so they execute the payment.
- Once the payment is sent, the cyber criminals control the new financial account.
A good cyber security policy to protect your business is to require verbal verification for all account changes and for transfers over a certain amount. This lets your employees verbally confirm any change to financial details before acting on it.
Cyber Attack Method 2 – Impersonation of an Executive
- The cyber criminals will hack into the email account of an executive at an organization.
- The hackers send an internal email requesting funds be transferred.
- The cyber criminals will request the transfer be made to a personal account.
- The hackers will investigate the account so they can send the information to an employee who is responsible for payments.
- The cyber criminals rely on the employee completing the financial transfer as they believe it is legitimate.
A good cyber security policy is to enable two-factor authentication (2FA) on email to mitigate the risk of email compromise. You should also disable forwarding of company email to third-party email services such as Gmail or Hotmail. Another cyber security policy is to follow the instruction in cyber attack method 1 and add verbal verification of any financial changes.
Toronto Police Warning Businesses About Email Fraud Summary
In both cyber-attack methods, the cyber criminals investigate the user’s emails and calendars to gather the information they need to facilitate the attack.
The reports to the Toronto Police Service show that cyber criminals avoid detection by changing email rules and email settings, including the ability to receive specific incoming emails.
In all these cyber security threats, the cyber criminals targeted organizations using specific IP addresses based in other provinces or countries. Organizations should discuss with their managed IT services provider or IT department the use of conditional access to limit out-of-country IP addresses or improbable travel.
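One way to check for the rule and forwarding changes described above, as an added example that is not part of the original article: it audits an export of inbox rules and flags forwarding to outside addresses and rules that hide finance-related mail. The record layout, company domain, folder list, keyword list and sample rules are all assumptions constructed for the illustration.

```python
# Added example: audit exported inbox rules for signs of mailbox compromise.
# The record layout and all sample data below are constructed for illustration.
COMPANY_DOMAINS = {"example.com"}  # assumption: domains your organization owns
HIDING_FOLDERS = {"rss feeds", "archive", "junk email"}  # assumption: folders staff rarely open
FINANCE_WORDS = {"invoice", "payment", "wire", "bank", "remittance"}  # assumed keyword list

SAMPLE_RULES = [  # constructed sample export, one dict per inbox rule
    {"mailbox": "cfo@example.com", "name": "Forward copy", "forward_to": ["cfo.backup@gmail.com"],
     "keywords": [], "move_to_folder": None, "delete": False, "mark_read": False},
    {"mailbox": "ap@example.com", "name": "Vendor mail", "forward_to": [],
     "keywords": ["invoice", "wire"], "move_to_folder": "RSS Feeds", "delete": False, "mark_read": True},
    {"mailbox": "sales@example.com", "name": "Newsletters", "forward_to": [],
     "keywords": ["newsletter"], "move_to_folder": "Reading", "delete": False, "mark_read": False},
    {"mailbox": "hr@example.com", "name": "Copy to payroll", "forward_to": ["payroll@example.com"],
     "keywords": [], "move_to_folder": None, "delete": False, "mark_read": False},
]

def is_external(address):
    """True when the address's domain is not one the organization owns."""
    return address.rsplit("@", 1)[-1].lower() not in COMPANY_DOMAINS

def audit_rule(rule):
    """Return a list of reasons this rule deserves review (empty list = nothing found)."""
    findings = []
    external = [a for a in rule["forward_to"] if is_external(a)]
    if external:
        findings.append("forwards mail outside the organization: " + ", ".join(external))
    hides = rule["delete"] or (rule["move_to_folder"] or "").lower() in HIDING_FOLDERS
    finance_hits = sorted(FINANCE_WORDS & {k.lower() for k in rule["keywords"]})
    if hides and finance_hits:
        findings.append("hides incoming mail about: " + ", ".join(finance_hits))
    elif hides and rule["mark_read"]:
        findings.append("silently moves or deletes mail and marks it read")
    return findings

def audit(rules):
    """Map (mailbox, rule name) -> findings for every rule that raised at least one."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule)
        if findings:
            report[(rule["mailbox"], rule["name"])] = findings
    return report

if __name__ == "__main__":
    for (mailbox, name), findings in audit(SAMPLE_RULES).items():
        print(f"{mailbox} rule {name!r}:")
        for finding in findings:
            print("  -", finding)
```

A flagged rule is a prompt for review with the mailbox owner, not proof of compromise; internal forwarding and ordinary sorting rules pass without findings.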
How can you use this Toronto Police Warning?
Here is a list of warnings all businesses should look out for when protecting themselves from cyber criminals:
- Have users watch this quick 7 minute Quick Security Awareness User Training
- Always exercise caution when someone requests substantial payments, transfers, or account changes.
- Always check that email addresses and domains are accurate (example: [email protected] vs. [email protected])
- Always be cautious of any “urgent” requests regarding financial information.
- Always be cautious if the authorizing contact is “not available” to verify the transaction.
- Always add verbal verification to any account changes.
- Always ensure your email is monitored for cyber security threats.
If you find your organization is part of such an attack, immediately contact your bank to have the transfer or payment reversed.
Here is a list of Canadian financial institutions’ fraud centres:
- CIBC – 1-888-872-2422
- RBC – 1-800-769-2511
- BMO – 1-844-837-9228
- TD – 1-888-751-9000
- Scotia Bank – 1-800-472-6842
Full Toronto Police Service News Release – Police advising investment firms and other commercial businesses of increase in ‘Email Compromise Fraud’
365 iT SOLUTIONS is federally certified by the Canadian federal government under the CyberSecure Canada program.
365 iT SOLUTIONS is a leading IT consulting firm in Toronto that offers Managed IT Services, Tech Support Services, Cloud Services, Managed Security Services, IT Support Services, IT Outsourcing Services, Business continuity and disaster recovery (BCDR), and Cyber Security Training and Dark Web Monitoring.