29 June 2020
With a steadily rising frequency of spear phishing, business email compromise and other attacks on corporates, the chief information security officer is everyone’s new best friend, report Wade Bicknell and Vanessa Riemer.
“Never let a good crisis go to waste,” is among the many pithy pieces of advice bequeathed us by Winston Churchill. It’s unfortunate that what was a maxim originally offered to politicians has also been adopted by fraudsters, ever ready to exploit the opportunities created by sudden events.
If the economic carnage wrought by the coronavirus crisis wasn’t enough for governments and businesses to contend with, recent weeks have brought reports of financial institutions and corporates being targeted by sophisticated criminals employing a variety of techniques to initiate payments purportedly relating to the pandemic. Google is reported to have set up a Covid-19 task force, whose priorities include preventing unemployment benefit scams.
Both pre-coronavirus and since the outbreak began, social engineering, business email compromise and vendor payment targeting have been among the favourite techniques employed by bad actors to fraudulently initiate payments. These techniques are accompanied by newer tactics that target treasury management and accounts payable teams with scams attempting to deploy malware to corrupt account information and reroute payments to fraudulent accounts or to steal proprietary information to extort money.
To support its clients in fending off such attacks, Deutsche Bank issued the notice Warning of cyber attacks related to the coronavirus pandemic in April, providing information to clients on how to identify the scam e-mails, text messages and social media posts that have been spawned by the Covid-19 crisis. More recently, cybersecurity and fraud prevention were discussed in several webinars across the globe hosted by the bank.