The term computer fraud refers to all frauds where attackers, usually via malicious email, illegally gain a profit at the expense of the victim. We have all received an email at least once from a "high-ranking official from Nigeria" who needs help with a banking transaction, and in return we would receive a 30% of, very often, a large sum of money. Everyone is aware today that this is a simple fraud and this fact has prompted hackers to try harder, to be more resourceful. As a result, today we have more and more successful frauds. In fact, there is an entire industry based on hacking attacks where you can even buy attack tools online and have "support" available.
The latest in the series are emails from a “company director” or “head of accounting” to carry out a financial transaction with instructions about the recipient (who is often abroad). These days, the media columns are full of a case from Đakovo, where the head of finance, on the orders of the “mayor”, paid almost 50,000 euros into an account in the UK. In this case, the hacker created an email almost identical to the mayor’s, and the employee carried out the task without prior verbal consultation with the mayor. Whether the city of Đakovo will ever get its money back remains to be seen.
You can best see how well hackers can disguise email and what tricks they use in the following video:
What to do? First of all, protect your computers, servers, and mailboxes. Once you've done that (if you haven't, feel free to contact us, we offer excellent Sophos solutions), make sure to first check the domain of the incoming email. We all know about the case of the "fina email" that came from the domain fina.online instead of fina.hr. All strange domains, like the ones mentioned, should be suspicious. In this particular email, the problem was an attachment that, once opened, would install a malicious program on the user's computer and lock the documents. After that, a new email would arrive in which the user would be invited to pay a ransom, in cryptocurrencies, in order to be sent a program that would unlock the same documents. Even those who pay the ransom do not get everything back. Precisely because they are "easy victims", they "pay" and the attacker will want to use them as much as possible. So - do not open attachments before "taking a look" at the domain.
A case from the neighborhood – intercepted mail
A company in our neighborhood, which has been working with an Italian supplier for years, was left without a substantial sum of money. Namely, the email with payment information that the supplier sent them was intercepted. The content remained the same except for the recipient's account number. The email was sent from a very similar address, which contained the sender's first and last name, the company name, but with a small addition to the domain. The thing that worked in the attacker's favor was that this very same supplier had changed the account number several times, and this fact was not unknown to the person responsible for payment. The money was transferred, and by the time the fraud was discovered (when the real supplier warned about the non-payment), it had been debited from the account.
We are including all of these examples to warn you and, at least in part, to point out what you need to pay attention to. Until the next blog post…
