Video Blog: Every Friday, we present to you the most pertinent, news-worthy stories regarding cyber safety. As we continually rely on online platforms to store our most private and vulnerable information, new techniques are in constant development in order to take advantage of this progressive landscape. Luckily, we’re here to keep you updated with the tools and trends necessary to be sure your cyber catalogues and valuable data aren’t at risk.
This Friday we sit down with Daniel Regalado to go in depth about crimeware and talk about one of the newest ways of cyber theft- payment diversion.
Nigerian Payment Diversion Schemes: Past and Present
One of the most relevant stories being discussed are the new techniques of Nigerian payment diversion schemes. The more commonly known schemes were those of cold calls or e-mails promising the victim a large amount of money- never to be seen- for a small upfront fee, paid to the offender(s). This technique relied less on the wits of the offender and more on the weaknesses of the victims. Fortunately, this technique is out dated and widely known, however, now there is a much more intrusive form of payment diversion being executed. https://www2.fireeye.com/rs/848-DID-242/images/rpt_nigerian-scammers.pdf
This technique first involves a cold e-mail in the form of an invoice to a selected business. When the business opens the invoice, the offender gains access to their computer, including their client contacts. The defender will then build a case and monitor specific projects and communications between the business and selected clients. When payment time comes around, the offender will pretend to be a representative of the business, explaining bank account issues forcing the client to pay the offender personally- unwittingly to the business’ true representatives/employees. This is a particularly detrimental cyber crime because it not only takes money from the business, but could also harm relationships with trusted and long term clients. http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/the-four-cs-of-a-nigerian-payment-diversion-scam/
Key Measures for Avoiding Payment Diversion
- If you notice a change in accounts, or are asked to submit payment to an unknown account. Call the bank for validation.
- Get in the habit of double checking your communications before submitting or asking for payments.
- If it has already happened, report it!
Be attentive, active and thorough about your communications, invoices, and statements. Be suspicious of changes in accounts as well as changes in personal behavior (would they normally say this or word something that way?) Always keep a discerning eye and your wits about you!
Keep tuning in for accessible information about current events, trends in the field, and how you can be best prepared!