Identifying fake dating profiles
Messages can be random in nature, sent out en masse as part of a large spam mailing, or can form part of a well-crafted social engineering campaign to extract money after attackers have ‘footprinted’ an organisation, gleaning useful information from websites, compromised email accounts or social media sites, including staff profiles on LinkedIn.
A determined attacker may also attempt to identify staff by phone, asking to speak with an individual or attempting to confirm a name, email address or sometimes job title, claiming that they are working for an IT support business or another well-known company.
Messages sent whilst the account was compromised may have been deleted from sent folders and trash.
These kinds of attacks can be difficult to trace, as the scammers can hide their activity or be based overseas, making investigation by NZ Police complex and time-consuming.
Alternatively, the attackers may choose to register a new domain name as close to the business name as possible to increase the chance of an email being taken as genuine.
For example:
The US-based Internet Crime Complaint Centre (IC3) – which recorded more than 0m lost to this scam across the world in 2013 – has identified three main forms to watch out for:
A business has existing relationships with trusted overseas suppliers and arranges the purchase of goods and services over email, with invoices being sent as attachments.
They may take the time to compromise a business email account and read the contents to make their own messages look authentic.
Actions
Businesses should also build good cyber security practices into their day-to-day operations to protect email accounts from hacking and to prevent malicious attachments and ransomware from compromising computers.
If you find a business email account has been hacked, look for hidden folders and filters set up to auto-forward messages out to another email address still operated by a scammer.
The company finds the bank account details have changed on the latest invoice and pays funds across to this new bank account, only to discover days or weeks later that the account was set up by a criminal after emails were intercepted.
The email with the invoice often looks legitimate and may even have been sent from the supplier’s genuine email domain.
In this version of the scam, an executive’s email account is hacked or their account spoofed (as per the new domain name example above) and used to send requests direct to an employee in charge of payments or accounts.
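The lookalike-domain tactic described above (a new domain registered as close to the business name as possible, later used to spoof an executive or supplier) can be screened for on inbound mail. The following is an added example, not part of the original article; the domain names, addresses, character-swap list and distance threshold are all constructed assumptions.

```python
# Added example: flag sender domains that imitate a trusted domain.
# Every domain and address here is constructed for illustration.

# Visually similar sequences often swapped in lookalike names (assumed, not exhaustive).
FOLDS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))


def fold(domain: str) -> str:
    """Collapse visually similar character sequences to one canonical form."""
    d = domain.lower().strip(".")
    for src, dst in FOLDS:
        d = d.replace(src, dst)
    return d


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment: insert, delete, substitute, adjacent transpose."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cost = min(cost, prev2[j - 2] + 1)  # swapped neighbouring letters
            cur.append(cost)
        prev2, prev = prev, cur
    return prev[-1]


def classify(sender: str, trusted: set[str], max_dist: int = 2) -> str:
    """Return 'trusted', 'lookalike of <domain>' or 'unknown' for a sender address."""
    domain = sender.rsplit("@", 1)[-1].lower().strip(".")
    if domain in trusted:
        return "trusted"
    for good in sorted(trusted):
        # Near-miss of a trusted domain: same after folding, or a few edits away.
        if fold(domain) == fold(good) or edit_distance(domain, good) <= max_dist:
            return f"lookalike of {good}"
    return "unknown"


TRUSTED = {"acme-freight.co.nz"}  # constructed supplier domain

if __name__ == "__main__":
    for addr in ("accounts@acme-freight.co.nz", "accounts@acrne-freight.co.nz",
                 "ceo@acme-frieght.co.nz", "sales@othersupplier.example"):
        print(f"{addr:32} {classify(addr, TRUSTED)}")
```

A `lookalike` result is a reason to hold a payment or bank-detail change until it is confirmed through a contact channel already on file; very short trusted domains need a lower `max_dist` to avoid false positives.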