Will You Help Hackers Steal Lots of Money Today?

Imagine you get a call from your employer, and they say they really want to know why you just transferred over fifty-thousand dollars to a bank in New Jersey, and then on to a bank account in Ukraine. Imagine the panic, the sweat that forms, the tightness in your throat, the pounding heart, the swimming brain as you stammer out a “What? What are you talking about?!?” It’s only 9:15 AM, but it’s already one of the worst days of your professional life…

Are You Right 100% of the Time?

It took only one simple mistake for a hacker to gain access to the corporate bank account and transfer tens of thousands of dollars abroad in mere moments. The outcome isn’t even unique, it happens nearly every day to organizations all around the world. What was unique to this case, which I worked recently as an incident response consultant; was that the attacker hadn’t even targeted the organization or the victim, at all.

This isn’t supposed to happen. Organizations and accounting departments, especially, are targeted often by cyber-criminals. They try hundreds of different approaches each year to get team members to click on things they shouldn’t. They send fake invoices to see if the accountants will pay them. They email in infected documents to try and get footholds to leverage for moving money. They call, they send faxes…