
Be aware of cyber crime: "E-mail hacks"

Friday, 18 July, 2014
Security

Like other sectors and companies, the national and international diamond sector is an attractive target for cyber criminals.

Over the past several weeks, a number of Antwerp-based and international diamond companies have been victims of failed, foiled or successful cyber crime.

The actual or missed loss currently ranges from $8.000 to $350.000.

Most insurance policies do not cover losses incurred through this modus operandi.

Awareness is key to prevent becoming a victim!

Modus operandi (MO)

  • Criminals, most likely from Eastern European and/or Middle Eastern (including Israeli) origins, extensively research and profile companies and their management (ex: CEO, CFO, etc.) using open sources.
  • Among other information, these criminals are looking for: company website(s), company organization and responsibilities, "company language", public documents (ex: statutes, annual reports), documents with signatures, email addresses, company bank information, etc.
  • Criminals acquire and use prepaid telephone and/or data cards, set up an anonymous online identity, and clone or spoof telephone numbers, cell phone numbers and email addresses.
  • We would especially like to draw your attention to the telephone numbers and email addresses. The criminals clone numbers, which will look like familiar numbers to you, for example the numbers of your clients or your bank. In your email inbox the criminals' email addresses either appear 100% like the original email addresses or deviate slightly from them.
  • Criminals either hack email mailboxes, install malware on networks, company PCs, laptops and/or mobile devices, or use "Man-in-the-Middle" (MiTM) or "Man-in-the-Browser" (MiTB) attacks.
  • Criminals monitor email traffic, especially business sales (buying or selling).
  • Once the criminals see an opportunity, they start to put the telephone numbers or email addresses to use, to give instructions or provide modified payment information to the victims, for example: other bank or account number information, or payment instructions (ex: money exchange), intercept and change invoice information, etc.
  • If the targeted victim becomes aware of these attempts, the criminals will use "social engineering techniques" (by telephone and via email) to lower the victim's guard and proceed with the transactions.
  • Once the criminals see that their scam is not working, they abort their actions.
  • Efforts to identify them are almost always met with negative results.
  • If the victims are not aware or alert, the money is transferred and taken out of the account.
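
The address tricks described above (a sender that appears 100% like the original, or one that deviates slightly) can be screened for on incoming mail. The following Python check is an added example, not part of the original AWDC notice; the known-contact list, the 0.85 similarity threshold and the sample messages are constructed assumptions.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr

# Assumption: addresses verified out-of-band with the counterparty (constructed values).
KNOWN = {"sales@diamonds.example", "payments@bank.example"}

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def check_sender(raw, known=KNOWN, threshold=0.85):
    """Return (code, detail) warnings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, sender = parseaddr(msg.get("From", ""))
    sender, display = sender.lower(), display.lower()
    warnings = []

    # "Slightly deviates": sender domain is close to, but not equal to, a known one.
    for kd in sorted({domain(a) for a in known}):
        ratio = difflib.SequenceMatcher(None, domain(sender), kd).ratio()
        if domain(sender) != kd and ratio >= threshold:
            warnings.append(("lookalike-domain", f"{domain(sender)} ~ {kd}"))

    # "Appears 100% alike": a known address shown as display name over another mailbox.
    for k in sorted(known):
        if k in display and k != sender:
            warnings.append(("display-name-spoof", f"shows {k}, sent by {sender}"))

    # Replies diverted to a different domain than the visible sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain(reply_to) != domain(sender):
        warnings.append(("reply-to-mismatch", reply_to.lower()))
    return warnings

# Constructed sample messages (not taken from a real incident).
SAMPLES = {
    "genuine": "From: Sales <sales@diamonds.example>\nSubject: Invoice\n\nhi",
    "lookalike": "From: Sales <sales@diamomds.example>\nSubject: New bank details\n\nhi",
    "display": 'From: "sales@diamonds.example" <billing@mailbox.test>\nSubject: Invoice\n\nhi',
    "reply": "From: sales@diamonds.example\nReply-To: sales@diamonds-example.test\n\nhi",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_sender(raw))
```

An empty result is not proof of authenticity, because a From header can be forged outright or the genuine mailbox may itself be hacked; requests to change payment details still need independent verification.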

Recommended preventative security measures

  • Be aware and alert for this modus operandi, especially when conducting business via email.
  • Monitor everyone within your organization who is authorized to conduct banking transactions.
  • Promote and support reporting of suspicious behavior, persons and incidents.
  • If you receive telephone calls or emails, including those on behalf of company managers, the CEO or CFO, asking you to transfer money or change payment information, always double check the request independently and personally with the respective individual(s).
  • Do not reply to the initial email. Use the original email. Preferably contact the person directly on the phone.
  • If you were contacted by customers or the bank, reach out to them directly using known contact information.
  • Consider the "4-eyes" approval policy prior to transferring money.
  • Update and patch your computer/server Operating Systems (OS) in a timely and regular manner.
  • Install and update/patch your Firewall (FW) and Antivirus (AV) systems.
  • Conduct regular scans.
  • Use strong passwords on your computer/server/email/etc.
  • Change passwords on a regular basis.
  • Do not share passwords.
  • Check if the MO is covered by your current insurance policy.
  • Should this not be the case, consider a “cyber security insurance” policy.

What if you're a victim of a failed, foiled or successful attempt?

  • Keep all relevant email and telephone numbers used in the suspected or actual scam.
  • Report to AWDC SO.
  • Report to the local police.
  • Contact and inform all people involved (including the customer(s)).
  • Contact and inform your bank.
  • Identify and contact the bank where money was transferred.
  • Immediately change passwords on all systems and programs.
  • Run a full scan using your AV.
  • Monitor your bank account extensively over the next 4 weeks and report any suspicious transactions.

Please do not hesitate to contact the AWDC SO for more information and/or any questions or remarks you may have: info@awdc-securityoffice.be