You are not immune to Hacking...
Posted By: Tanner Clark - 5/23/2016 12:00:00 PM

Hacking for money has turned into a multi-billion-dollar global industry. The latest in a long line of for-profit hacks has become known as “Whaling.” Borrowing the casino industry term for big gamblers, Whaling is a very sophisticated attack that uses technical skill to provide reconnaissance, which can then be leveraged to con companies, large and small, out of thousands of dollars. Our small business clients are no longer anonymous, nor are you immune to these attacks. Here’s how they work:

  • Attackers are gathering massive amounts of information about your company from publicly available sources such as your website, Facebook, LinkedIn, etc.
  • They are also looking for opportunities to compromise your email account through phishing attempts and viruses. They are even hacking public websites that use an email address as the username, correctly assuming that many people will use the same password as their network/email.
  • Once they identify a target and compromise an email account inside the company, they begin using the insights gleaned from reading email to create a scheme designed specifically to con your company. For example, once they learn the name of your owner and your accountant, they will send an email from the hacked email account to the accountant which references the owner and requests that a wire transfer be made for what appears to be a legitimate business transaction.
  • This new breed of attack is as much a con game as a technical hack. They have become very adept at finding targets, learning about them, then adopting their tones and traits in email to trick someone into sending a wire transfer. They are even smart enough to vary the amounts based on the size of the company. They are daring enough to make follow-up requests for more money to those who have paid.

Here are some things you should implement immediately to protect yourself from these for-profit attacks:

  1. Change your network/email password frequently and NEVER use your email address and password to set up accounts on public websites.
  2. Work with Runbiz to turn off Outlook Web Access, if your company is no longer using the feature. 
  3. Put a policy in place to control wire transfer requests outside of email. 
  4. Consider adding a new layer of security services that are specifically designed to curtail for-profit attacks.

Please contact your Runbiz account manager if you have any questions or concerns about any of your security needs.