We all understand the issues phishing has caused over the last few years. There have been countless
compromises targeting email systems and pivoting off these into other areas. Just when we thought this
was starting to get controlled at some level, there’s a new wrinkle.
A finance worker at a multinational firm attended a video conference call, just as so many of us do
every day. On this conference call, the finance worker was directed by the Hong Kong company’s
“Chief Financial Officer” to pay $25M. There were other “staff” on the call also. The message prior to the
meeting was a bit suspicious as it asked for the meeting to discuss a secret transaction.
Since other staff, who the finance worker recognized, were in the meeting, it seemed legitimate. The
$25M USD, or $200M Hong Kong dollars, was transferred. Well, not everything was as it seemed. The
CFO and other staff in the meeting were actually deepfakes. On the bright side, the police had arrested
six others in connection with scams much like this.
Technology will find a way around the defenses and detection tools we put in place. We’ll improve the
defenses and tools, only for the cycle to continue. In these instances where the transaction may not
quite feel right, the suspicious mind should overrule the natural tendency of “It should be fine.” Our staff
training needs to be updated regularly to keep up with the new technology and attacks. Granted, this
nuance is difficult to filter, but the human factor is there to apply common sense.