Why CFOs Need Cyber Security Awareness


Cybercriminals Target CFOs And Business Owners


Cybercriminals continue to target those in financial positions in an attempt to gain access company finances.

Today we had an instance where one of our clients was exposed to a targeted cybercrime attack via email. Not to be mistaken with a ransomware or phishing, a targeted attack requires both research and dedication on a cybercriminals behalf. 

The cybercriminal will first do extensive research on the company that they would like to target. He or she does this by looking at digital content from places like social media and company websites. Once they have all the information they require, which is typically information about the business owner and CFO, they will start their targeted email attack. 

When the cybercriminal sends the email, it will look something like the image below. The email is a short, direct and always about money. 

taget email.png

The staff at Evolve IT were amazed at the level of detail and research from this cybercriminal.
Here are a few things we spotted in this short email:

Sent from iPhone

The cybercriminal researched the business owner and found that most of their email was sent from an iPhone

Time

They sent the email midmorning when the CFO would be reading their emails

Subject Line

“Follow Up” is not a subject line that you want to receive from a business owner. This an attempt to create panic and force an impulse decision.
Once the CFO replies to the email, the cybercriminal comes back swiftly as they have captured their attention.

target email2.png

In this email, they put in all their bank details which is more than likely linked to an offshore account. The amount is generally substantial, in this case they have asked for $39,000.
When the CFO did not reply, the cybercriminal completed a followed the request.

target email3.png

Luckily the CFO picked up that it was a targeted attack and forwarded the email to our support team where it was investigated immediately. 

Email although a very valuable part of many businesses, it is also an older technology with various well-known technical limitations which can potentially lead to security issues if not identified and addressed appropriately.

 Read the Case Study: How we helped the Victorian Aboriginal Community controlled Health Organisation (VACCHO) enable Aboriginals to reach their full potential


How Evolve IT can help

At Evolve IT, we specialise in helping CFOs fight back against cybercrime through quality ICT solutions. We focus on your specific needs and create customised solutions to suit


 

Posted by Lachie Dixon

Find me on: