While your bank is doing all it can to keep cybercriminals from accessing your merchant account, your own staff could be undermining the bank's efforts.
According to a report by Bank Technology News, the Eastern European authors of a sophisticated malware called "Dyre" are stepping up their attacks on corporate banking accounts, and they're using your own employees to do it. How? Good old-fashioned social engineering.
Social engineering attacks work by first uncovering the credentials your business uses to access its bank account(s), then using those credentials to successfully complete the multi-factor authentication process your bank uses to protect the account. In the case of Dyre, your own employee is the point of entry when they mistake a phishing email for an authentic bank communication and open a malicious attachment. Once opened, the attachment installs malware on the employee's computer, and the malware lies in wait for the employee's next online interaction with the company's bank account.
And the social engineering continues from there! With the employee's login credentials in hand, the attackers issue a follow-up email soliciting a phone call from the employee to address "an issue with the account." The employee calls the number, which leads to a sophisticated call center, and proceeds to unwittingly give the "agent" the additional information they need to authorize a large wire transfer.
Don't think it could happen to you? According to the Bank Technology News article, the communications your employees receive are "very deceptive" in nature.
Security Awareness Training is Business Critical
Security Awareness Training is essential for changing employee behavior when it comes to properly addressing phishing emails and other types of social engineering attacks. This type of training should be conducted on a regular basis to ensure that all organizational employees are educated on the latest attack methods and that they remain vigilant in protecting the company and its assets.
Social engineering engagements can also be a great way for larger companies and non-profit organizations such as hospitals and colleges to proactively assess organizational security awareness. ControlScan has conducted many such engagements, and several of our clients have found the results surprising.
Interested in learning more? Click here to request information or give us a call at 800-825-3301, ext. 2. We are happy to help.