Criminals are using the California wildfires as a social engineering tactic to manipulate people into buying gift cards supposedly intended for victims of the disaster, according to James Linton at Agari. The scammers send emails to employees of organizations posing as their CEO.
These CEO Fraud emails target employees who work in accounting, finance, or administration, and tell their recipients to purchase gift cards worth hundreds of dollars to be sent to clients affected by the fires. The employees are instructed to send photos of the codes on the purchased cards, after which the criminals can use online services to convert them into regular currency.
One of the demoralizing byproducts of large-scale tragedies is the tendency for scammers to exploit people’s charitable intentions. In September, the US Government warned of phishing campaigns that used Hurricane Florence to prop up fraudulent charities. “Relevance and topicality are two of the main tools cybercriminals will leverage to obtain money or information through email deception,” writes Linton.
As CEO Fraud attacks grow in popularity, organizations need to implement policies that will prevent them from succeeding. As an employee, you should always verify that requests from your executives are legitimate before proceeding. You can do this by contacting them through another channel, preferably face to face or by phone.
If the request is particularly suspect, contact a different executive or another superior before going forward. New-school security awareness training can educate employees on these threats and instill a healthy sense of suspicion and wariness.
The KnowBe4 platform allows you to spoof your own CEO, and monitor the reply emails that your users might send back to this simulated “bad guy” so you can immediately step them through a short remedial training session. Agari has the story: //www.agari.com/identity-intelligence-blog/california-wildfire-email-scams/
Article Provided By: KnowBe4