
Is Your CFO in the London Blue Hacker Database? Be Prepared
Hacker groups continue to become more sophisticated and targeted in their attacks. A case in point is the “London Blue” hacker organization, which has been called “one of the most notorious business email compromise hacking groups.”
London Blue has created a database of 50,000+ executives, whom it impersonates in wire transfer request emails sent to company finance departments. The spear phishing emails appear real and convey a sense of urgency. According to one security provider, the group identifies targets by “looking for people with the positions of CFO, CEO, Executive Assistant of CFO and other financial related positions in websites like LinkedIn.”
Preparing Your Employees
Here are three recommendations firms should follow to avoid becoming prey.
- Wire Transfer Processes: Establish a strict wire transfer and validation process that employees must follow regardless of the request originator, i.e. even if the CEO states the transfer is urgent, your employees must still follow protocol. As for protocol, at a minimum you should require a two-step verification, including a phone verification if the request comes via email. Additional recommendations provided by Invinsec include:
  - “Have separation of duties so that a single employee cannot transfer large sums of money alone. Having a second approver makes it much more likely that an erroneous transfer request will be spotted before being executed; and
  - Follow strict methods for requesting transfers, establishing whether an email from C-level executives is an approved request mechanism.”
- Monitor the Dark Web: User credentials are for sale across the Dark Web, which makes it imperative for firms to have a monitoring program in place. Here at Eze Castle Integration we offer Eze Dark Web Monitoring, which continuously scans the Dark Web for user credentials and then takes automatic action if a compromise is discovered.
- Train Your Employees: Employees need to be educated on spotting phishing scams, especially as they become more targeted and sophisticated. Here are some red flags to watch for:
  - Check the sender email address as well as “to” and “cc” fields
  - Is it personalized? Be wary of generic greetings
  - Improper spelling and grammar can be giveaways as well
  - An overwhelming sense of urgency requesting personal information
  - Links! Only click on those that you are expecting (same goes for attachments)
  - Suspicious emails from trusted sources can happen. If your friend/colleague sends a strange message, their account may have been attacked.
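
The sender, reply-to, “to”/“cc” and urgency checks from the red-flag list above can also be automated as a mail triage step. The following is an added example, not part of the original article; the company domain, executive name, keyword lists, 0.8 similarity threshold and sample message are all constructed assumptions.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumed values, constructed for this example: replace with your own.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}  # display names an attacker would impersonate
URGENCY = ("urgent", "immediately", "asap", "today", "right away")
PAYMENT = ("wire", "transfer", "payment", "invoice")

def domain(addr):
    # Lower-cased domain part of an address, or "" if there is none.
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def bec_flags(raw):
    """Return the red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    sender = domain(addr)
    flags = []
    # Executive display name on an address outside the company domain.
    if name.strip().lower() in EXECUTIVES and sender != COMPANY_DOMAIN:
        flags.append("executive-name-external-address")
    # Sender domain that is close to, but not, the company domain.
    if sender != COMPANY_DOMAIN and SequenceMatcher(None, sender, COMPANY_DOMAIN).ratio() >= 0.8:
        flags.append("lookalike-sender-domain")
    # Replies would go to a different domain than the visible sender.
    reply = domain(parseaddr(msg.get("Reply-To", ""))[1])
    if reply and reply != sender:
        flags.append("reply-to-domain-mismatch")
    # Outside parties in the "to" and "cc" fields.
    rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if any(domain(a) not in ("", COMPANY_DOMAIN) for _, a in rcpts):
        flags.append("external-recipient")
    # Urgency wording combined with a payment request.
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')} {body}".lower()
    if any(w in text for w in URGENCY) and any(w in text for w in PAYMENT):
        flags.append("urgent-payment-request")
    return flags

# Constructed sample message, not a real email.
SUSPICIOUS = """\
From: "Jane Doe" <jane.doe@examp1e.com>
Reply-To: jane.doe@mail-example.net
To: ap@example.com
Subject: Urgent wire transfer

I need this wire sent today. I am in meetings, reply by email only.
"""
print(bec_flags(SUSPICIOUS))
```

Any flag should route the message into the phone verification and second-approver process described earlier rather than block or approve it automatically.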
Additionally, be aware that landing on the wrong website can expose a firm to risks, so be on the lookout for these signs that could signal it is a malicious site:
- Check for the presence of an address, phone number and/or email contact
- Check the web address for misspellings, extra words, characters or numbers that seem off or suspicious
- Roll your mouse pointer over a link to reveal its true destination, displayed in the bottom left corner of your browser
- If there is NO padlock in the browser window or ‘https://’ at the beginning of the web address to signify that it is using a secure link, do not enter personal information on the site
- Be wary of websites that request lots of personal information
- Avoid ‘pharming’ by checking the address in your browser's address bar after you arrive at a website to make sure it matches the address you typed
- Be wary of websites that are advertised in unsolicited emails from strangers
