Over the last month I’ve been collecting up examples of simple yet serious fraudulent activities in preparation for a number of security-related meetings and events.
The 3 examples I want to share with you have all been in the form of phishing, where a fraudster sends an email (or makes a phone call) to target individuals in the attempt to extract details from them, usually financial or password-related. This can affect you and me, at home or in the workplace and it’s a real challenge our customers are facing across all industries.
Here are the examples.
The first one is personal. I was in the office one day a couple of weeks ago when I received a text message from the UK Driver Vehicle Licensing Authority (DVLA). According to the message, my payment method had expired and I was invited to click on the link in the text to update my details. I checked my payment status independently with the DVLA and there were no issues. The text was enough to force me to carry out some due diligence though, and had I not worked in the security industry I may well have clicked on the link!
I spotted the second example on the BBC news website and thought it was worth sharing just in case! They were reporting on “Business Email Compromise” (or BEC) fraud, where an email appearing to be sent from your boss asks you to make a payment on their behalf. According to the FBI, around 22,000 organisations around the world have lost more than $3bn (£2.4bn) to it over the last three years. Some losses have been in the millions for single enterprises.
The third example was shared by a colleague and relates this time to telephone calls being made to hotel receptions. Here’s the scenario: you arrive at your hotel and check in at the front desk. When checking in, you give the front desk your credit card information (for all the incidental charges to your room). You go to your room and settle in.
Next, someone from outside of the hotel (the fraudster) calls the front desk and asks, for example, for room 620 (which just happens to be your room). Your phone rings in your room. You answer, and the person on the other end says the following, ‘This is the front desk. When checking in, we came across a problem with your charge card information. Please re-read me your credit card number and verify the last 3 digits numbers on the reverse side of your charge card.’
Not thinking anything unusual, you might give this person your information, since the call seems to come from the front desk. But it’s a scam. Someone is calling from someplace other than the hotel front desk. They ask for a random room number, then, sounding very professional, ask you for credit card information and address information. They’re so smooth, you’ll think you’re talking to the front desk.
We can of course help if you’re experiencing phishing across your business. Take a look at Proofpoint a recent edition to our portfolio, as well as Duo Security . Both technologies integrate with the Palo Alto Networks Next-Generation Security Platform to strengthen your security.