Hi All – You may have heard of the recent high-profile ‘sophisticated’ cyber attack which attempted to extract €4.3m from Meath County Council.  To explain exactly what happened here, you need to aware that this was primarily human error and had little to do with ‘hacking’ or ‘sophisticated’ cyber-crime activity.

Essentially persons in charge of processing payments for Meath County Council had been tricked into transferring €4.3m by the the bad guys in a good old fashioned CEO Fraud scam.

What are CEO Fraud Scams?Infection Flow 1

CEO fraud scams involve an attacker impersonating the CEO of an organisation and sending an email to the Financial Controller requesting a bank transfer to be made. The account details of the attacker are supplied, together with a legitimate reason for making the transfer. Oftentimes, these scams involve more than one email. The first requests the transfer, followed by a second email with details of the amount and the bank details for the transaction. By the time the fraudulent transfer is discovered, the funds have been withdrawn from the account and cannot be recovered

What can I do?

Education…….Education…….Education.    In the above instance – all the expensive firewalls, antivirus programs and spam filters can be easily by-passed and systems compromised once staff have no proper training

The weakest point of any companies IT infrastructure is the staff.  With the proper training, they can quickly become their strongest method of defence

With this in mind, it is imperitive that all staff in the modern workplace are ‘Cyber-Crime Aware’.   To book a Cyber-Crime Educational Training session for your company – Please click here