EuroPol has pulled off a seemingly über competent raid, arresting 49 perpetrators from Cameroon, Nigeria (surprise!) and Spain for a series of Man-In-The-Middle attacks on unsuspecting employees of a large number of mid size businesses.
These exceptionally nasty attacks were predicated on gaining access to corporate email addresses using Phishing, then monitoring the email systems for requests for payment. They then duplicated the invoice email linking the target to a M-I-T-M server, and then spoofed the transaction copying the one type code that the user provided from their mobile device (very cheeky indeed), and placed an immediate withdrawal direct with the bank. They are believed to have netted Millions of Euro in the process.
The only thing that the robbed individuals could have done about it was to type the banks URL directly into their browser rather than clicking through from the email. This is best practice and you should advise your user-base of this.
ITC can advise you on user awareness training, which is, as ever the core foundation of data security. If you would like more information, please contact us at: [email protected] or call 020 7517 3900.
