Here is a good news story:
A two-month operation – called First Light 2022 – between law enforcement agencies of 76 nations has led to the seizure of millions of pounds of assets and the arrest of thousands. The organised gangs targeted were behind hundreds of telecommunications and social engineering scams.
Police in participating countries raided national call centres suspected of telecommunications or scamming fraud, particularly telephone deception, romance scams, e-mail deception, and connected financial crime.
Interpol
Hundreds arrested and millions seized in global INTERPOL operation against social engineering scams
The numbers in the report are quite staggering and illustrate why social engineering against businesses, where the trust of your people is exploited, is a problem that every business must address. Whether the attack comes by a phishing email or phone call, or whether it is an email that looks like it came from the CEO or your best customer, here are two excellent ways to start to combat the threat:
- Have procedures in place that keep a check on your business operations – for instance, when key personnel are on holiday (and the threat actors know when these people go on holiday, as they monitor the social media accounts of partners and children), disable their access to key systems and drop them out of such routines as paying bills.
- Training and role playing – if people know, for instance, how to recognise a phishing email, understand the company routine (carried out by text messages) that defeats business email compromise (BEC) attacks, have a procedure to follow if they click on a link, and do not work in a “blame culture”, then the threat actors will not have it all their own way.
Although 76 police forces have worked together and broken up these gangs, social engineering and phishing emails and calls can net a lot of money from the unwary and the ill-prepared, so new criminals will emerge to fill these lucrative gaps.
Here is a current example of a “too good to be true” phishing scam doing the rounds at the moment.
You think about your regular communications: email, phones and maybe text messages. But what about expanding that? Think carefully about your particular operations; you need to know what your “normal model” looks like so you can take steps to defend it. This attack comes via WhatsApp and is aimed at Father’s Day:
Heineken says there’s no free beer, warns of phishing scam • The Register
Clive Catton MSc (Cyber Security) – by-line and other articles