Caught out Childcare Centre down 54K
Written by David McNeil
There was a story that broke a week ago about a child-care centre that was defrauded of $54K. A hacker managed to intercept an invoice from the builder who was working on the centre and rewrote it with their own bank account number before sending it on to the client.
What a nightmare! There would have been an extremely low chance of detection by the client as the email address was spoofed. One character in the email address might have been different and that’s all. Once the money was received and then moved by the hacker there was no way to recover the money again.
Of course, the first thing we think about is how likely is it that this could happen to me?
To answer that we need to have a look at the likely ways that this attack took place. I’m not saying these are the only ways it could happen, far from it, there could be more than 20 ways, but I just want to focus on a few that are common to this scenario.
Intercepting a document in this way is called a Man-In-The-Middle attack. As the name suggests, it means that a hacker managed to put something in the middle of the mail’s journey from the Builder to the Client, stopping it from being passed on.
How can a hacker get control over the Client’s or Builder’s inbox? In my opinion, it’s more likely that it was the builder’s mail that was compromised. Businesses often get targeted in this way, and any mail that has words like “invoice”, “payment”, or “billed” in it will get held by the hacker until it can be changed into what the hacker wants it to say.
So how can a hacker do this?
A lot easier than you think!
The first way I want to talk about is a “Rogue network” or an “Evil twin” network. What a hacker will do is set up a free public Wi-fi spot, usually at a hotel or a public hub, and call the network something innocuous like “Free Wi-fi” or, if it’s near a café, “Coffee Culture 2” or any other name that is extremely similar to a well-used free Wi-fi. I picked Coffee Culture solely because it was the last place I went for coffee that had free Wi-fi. No accusations here! Once you click on the hacker’s network, the internet will work and everything will look and feel just fine, but the hacker now has complete access to any information passing across the network. Usernames and passwords, bank account details, email addresses. Hacker gold.
How do you stop this from happening? The easiest answer would be to never use a public Wi-fi, but sometimes it’s just necessary. Think of a businessman needing to do a Skype conference call on a laptop while at the airport. The other answer is to install a VPN. This is a program that encrypts your network traffic so that even if a hacker can see it, they can’t read it. VPNs come in many different qualities, but you really should pay for one. There are free ones, but either their quality is dubious OR they only let you use a small amount of data. Save yourself a nightmare and just go and pay for a highly recommended one. Do a bit of research!
OK, so the next way I want to cover involves an action taken by the user of the computer, and it can be as simple as clicking on an attachment or link in a seemingly safe email. We call it a “phishing” attack. As in, throw a whole lot of bait out there, wait for someone to bite and then reel them in. As an example, there was an email making the rounds very recently that looked like it was authentically from LinkedIn.
This is very close to the actual email LinkedIn sends if you close your account. Here is the real email:
Most users would never actually have received the real copy and wouldn’t know the difference, and many, many people overlook the mistake in the sender’s email address. We know because we tested it!
To a lot of people their LinkedIn account has a lot of value, and to think that you might lose the work you’ve put into it would get a lot of people to click the button without checking to see if their LinkedIn account has had anything changed in it. Clicking on ANY button will have malware take up residence in your computer, ready to do any number of things. One of those things might be to take over your email or even your browser.
Either one is bad, but a browser take-over is definitely worse. A spoofing attack in the browser is when you try and go to a site (like your internet banking) and the hackers have told your computer to go to their own version of the banking screen. You input your log-in details and they happily start transferring all your funds to themselves! This is a bit over-simplified, but it really is easy for them if you let them in this far.
There are two great ways to protect yourself from a phishing attack. The first is to not click on any links that come to your email unless you’re 100% sure you know where they are from and you know what they do. The second way is to have a very good antivirus program that has the highest rating for picking up malware attacks.
Yes, it does cost money. Let me be clear. Using a free Antivirus software IS better than nothing and some are actually doing something worthwhile, but most of those, even if they detect that there is a problem, can’t actually clean it up properly. Also, they don’t show you where the attack came in in the first place, where it went and what places or files it touched on its way through.
The Anti-virus that I use not only stops the malware and deletes it, but it draws out a map to show where it got in and every action it took. It’s very cool to see it in action!
There are other ways of course that hackers can get in but these two make a hacker’s life so easy. Don’t let them in.
So, let’s wrap up the top things to lower your chances of giving a hacker money.
Don’t use public Wi-fi without a VPN giving you extra encryption. Don’t click on any links from email or even a website that you are not absolutely sure of.
Lastly, get a GREAT antivirus software that actively scans for and cleans up malware from your computer. My recommendation is that you use one that has a mapping tool to show you where an attack came from. Why is this good? It shows you where the weakness was and where to plug the hole. Sometimes the hole was YOU. This will tell you whether YOU clicked on something dodgy, or whether another office worker or family member did. Almost ALL attacks come from a user doing something they shouldn’t, and Antivirus is your defence after that. I know of only ONE Antivirus that has a comprehensive mapping tool so contact us now if you want to know how to get a hold of that!
Hopefully this has shed a little bit of light into the cyber security world and its dangers. If you would like advice on what you might need to keep you safe please give us a call!