‘Wolf in sheep’s clothing’ hack could cost you thousands, says HBP
A new ‘wolf in sheep’s clothing’ computer hack has prompted IT services provider HBP Systems to warn businesses to change the way they authorise payments.
They say the new hack, called ‘credential harvesting’, is so stealthy and effective that it could cost unwary computer users thousands of pounds without them being aware of it until it’s too late – and the only way to beat it is to adopt bank-style two-factor authentication.
HBP Systems’ Commercial Director Phil Denham said it was a massive growth area in online fraud. “It’s never been this big. We estimate that the number of cases we’re hearing about has risen by as much as 1,000% over the last few months,” he said.
The sophisticated new scam tricks users into voluntarily keying in user names and passwords, and it does so by hacking into legitimate email accounts. These accounts are then used to send fraudulent emails saying that a file has been sent. Opening the file reveals a login screen, which trusting users go ahead and complete.
“These emails look genuine because they are, since they’re generated within a hacked account. They’re so sophisticated that they will even destroy any reply sent querying the email,” he added. “Imagine what would happen if a house deposit was to be moved to a fraudulent account, or how a company would react if a supplier said it hadn’t been paid for several months, even though payments had been made – but to fraudulent accounts.”
The nature of the emails means that spam filters will not pick them up, and no amount of staff training is a guarantee of catching them out. “To all intents and purposes they are genuine; the emails look genuine because they are,” says Phil. “The only way to beat this kind of scam is to move to two-factor authentication. We’re all familiar with it already, since it’s the chip and PIN system. A card is of little value without its PIN number, and vice-versa. Businesses need to introduce such systems quickly for their own protection.”
Thankfully, a two-factor authentication tool is included with the latest versions of Office 365. “Setting it up requires the involvement of an IT pro, but the investment is tiny, especially when compared to the scale of losses which could be incurred,” says Phil.
“It’s all part of the layered approach to IT security that we continuously advocate. Imagine a fishing net inside a fishing net inside a fishing net. The more nets there are, the smaller the holes become, and the harder it is for the fish to escape.
“The hackers’ objective is to manipulate the user, and in the end to monetise the process – in simple terms, it’s the most sophisticated means yet that hackers have developed to steal money from the unwary. Every business should talk to an IT provider about upgrading to two-factor authentication.”
To find out more contact our team.