Fraudsters take advantage of team spirit – Kommersant FM
Fraudsters are increasingly extorting money in the name of top managers. Since October 2023, attackers have used this scheme 10-15 times more often, according to information security companies. Cybercriminals write to employees from an account whose profile carries the name and photo of their real manager, and in this way defraud victims of money or sensitive business information. In other cases, attackers send fake orders from the FSB or the Ministry of Internal Affairs.
Kommersant FM spoke with company executives who have encountered such a fraud scheme.
Founder of the Belaya Dacha group of companies Viktor Semenov: “I just recently read material about various fraudulent schemes and sent it to my employees telling them that they were vigilant. They said that there had already been several attempts in different regions to impersonate our partners and ask to transfer money. But, thank God, they sensed the falsehood in time. I think we just need to be vigilant. We can take any measures, but the scammers are inventive and will begin to use a different scheme. Until the state begins to cut off these ends more effectively, businesses will have to deal with this situation themselves and try to prevent losses on this front.”
President of the Kabosh group of companies Dmitry Matveev: “Over the past six months, there have been four episodes when my accounts appeared on Telegram. One girl who used to work for us called me and told me that I allegedly wrote to her with some urgent request. She’s great, she clarified whether this is true or not. In other cases, it affected one employee from the finance department, another from the treasury department. Fraudsters target employees who have certain access rights. And now in our internal Telegram channel we constantly inform employees so that they are careful. When it comes to accessing certain things that require a password, this can only be done using DLP systems. But this is not a cheap pleasure; few companies can afford it. At the same time, you can install any DLP systems, but no one has canceled the cell phone. You took a picture of the screen, here is the data. You can simply bring them in manually.”
Managing partner of the bnMAP.pro platform Irina Dobrokhotova: “I received a message supposedly from my partner. I looked, there was just a photograph, but the text seemed strange. It was as if they were intimidating me, inviting me to join the Investigative Committee and all that. In addition, it was common for my colleague to address me as “you,” and “you” was used in messages. I immediately called him back, and he said that his account had been hacked and that it was being sent to all employees. This is a big problem, and the issue probably needs to be raised at the state level. Even somehow employees of credit institutions make mistakes. Our funds disappeared because of the bank’s fault.”
According to Positive Technologies, messages sent in the name of management accounted for 10% of all fraud cases in 2022-2023. Kaspersky Lab notes that in one hour an attacker can target up to 40 employees. As a rule, attackers count on the subordinate not daring to contradict the boss's instructions, explained information security expert Denis Batrankov: “There is a wave of fraud; in all the companies with which I am familiar, this has already happened. This became especially interesting when educational institutions told me about it. The problem is that universities are forced by law to publish a list of all top managers, and it’s very easy for people to give in and give money to criminals.
People react to messages that the company is having problems, an audit is underway, and they urgently need to transfer money. And very often this information is not checked, because the contact is usually similar: there is a photo, full name and position.
Fraudsters manage to adapt to a person; they are very good psychologists. There have been cases when people’s Telegram channel was hijacked after they had been corresponding for a long time, supposedly with friends.
It usually looks like this: an employee answers a call and hears that something is wrong in the office, the interlocutor cannot speak, so he will send text messages. Thus, the conversation turns into a chat. Among the goals of attackers is to gain access to a phone or computer. They may ask you to install a certain program or tell you some secret information, for example, a VPN password or an employee’s login and password. At the same time, the easiest way to protect yourself from this is to call back or ask the interlocutor something that is really known only within the company.”
In 2023, scammers stole 19 billion rubles from Russians, almost a quarter more than in 2022, according to preliminary estimates from Sberbank. At the same time, the share of Russians who received messages from attackers decreased from 76% to 67%, according to a VTB survey.