Beware of the Man in the Middle

"Man in the Middle" attacks are on the rise, with fraudsters making a beeline straight for your financial staff. Have you got measures in place to defend against this type of fraud?

14 January 2016 | Security


You may be aware of news items in which individuals suddenly discover that the person they thought they were corresponding with on a financial matter was in fact a fraudster, and with that comes the realisation that a considerable sum of money has been lost.

These are known as "Man in the Middle" attacks, and they appear to be on the rise, so it is important that you are aware of this issue and of the measures that can be put in place to defend against this type of fraud.

A Man in the Middle attack can work in several different ways. One of the easiest is for the attacker to identify who a business regularly deals with (for example us!) and then register an Email address or domain name that is only slightly different (e.g. ctsltb.net instead of ctsltd.net).

The attacker then creates an Email account (e.g. accounts@ctsltb.net) and begins interacting with the business; because the Email address is only slightly different, it often goes unnoticed. Within a short period of time the attacker will seek to get an ad-hoc transfer made, intercept details of transactions, or advise that the account details for payments have changed and then wait for the next payment run. This simple type of attack bypasses all your firewalls and virus checkers because it relies on people being busy and not looking out for the telltale signs.
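One control that catches exactly the lookalike-domain trick described above is to compare the sender domain of incoming finance mail against the list of domains you actually deal with, and flag anything that is close but not identical. The script below is an added example, not part of the original article or any product: it parses a few constructed messages, measures the edit distance between each From/Reply-To domain and a trusted list (the domains in `TRUSTED_DOMAINS` and the sample messages are assumptions made up for the demonstration), and reports near-misses such as `ctsltb.net` against `ctsltd.net`. It also checks the Reply-To header, which goes slightly beyond the article, because a trusted From address paired with a lookalike Reply-To is the same trick in a different header.

```python
import email
from email import policy
from email.utils import parseaddr

# Assumed list of domains the finance team legitimately corresponds with.
# In practice this would be maintained from the supplier/customer master data.
TRUSTED_DOMAINS = {"ctsltd.net", "examplebank.example", "supplier-one.example"}


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance: number of single-character insertions,
    deletions or substitutions needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,                   # deletion
                           cur[j - 1] + 1,                # insertion
                           prev[j - 1] + (ca != cb)))     # substitution
        prev = cur
    return prev[-1]


def classify_domain(domain: str, trusted=TRUSTED_DOMAINS, max_distance: int = 2):
    """Return ('trusted', domain), ('lookalike', nearest_trusted) or ('unknown', None).
    A small edit distance to a trusted domain is treated as a lookalike."""
    domain = domain.lower()
    if domain in trusted:
        return ("trusted", domain)
    nearest = min(trusted, key=lambda t: levenshtein(domain, t))
    if levenshtein(domain, nearest) <= max_distance:
        return ("lookalike", nearest)
    return ("unknown", None)


def _domain_of(header_value: str) -> str:
    # parseaddr splits 'CTS Accounts <accounts@ctsltb.net>' into (name, address).
    _, address = parseaddr(str(header_value))
    return address.rpartition("@")[2].lower()


def scan(messages):
    """Check the From and Reply-To domains of each raw message and return a list of
    (subject, header, domain, verdict, nearest_trusted) for anything not trusted."""
    findings = []
    for raw in messages:
        msg = email.message_from_string(raw, policy=policy.default)
        subject = str(msg.get("Subject", ""))
        for header in ("From", "Reply-To"):
            value = msg.get(header)
            if not value:
                continue
            domain = _domain_of(value)
            verdict, nearest = classify_domain(domain)
            if verdict != "trusted":
                findings.append((subject, header, domain, verdict, nearest))
    return findings


# Constructed sample messages: one genuine, one from a registered lookalike
# domain, and one with a genuine From but a lookalike Reply-To.
SAMPLE_MESSAGES = [
    "From: CTS Accounts <accounts@ctsltd.net>\nSubject: Invoice 1001\n\nPlease find attached.\n",
    "From: CTS Accounts <accounts@ctsltb.net>\nSubject: Updated bank details\n\nOur account has changed.\n",
    "From: Reception <reception@ctsltd.net>\nReply-To: accounts@ctsltcl.net\n"
    "Subject: Re: Invoice\n\nPlease reply to accounts.\n",
]

if __name__ == "__main__":
    for subject, header, domain, verdict, nearest in scan(SAMPLE_MESSAGES):
        print(f"{verdict.upper():9} {header}: {domain} (closest trusted: {nearest}) - '{subject}'")
```

A distance threshold of 2 is a starting point; tune it against your own supplier list so that unrelated short domains do not collide, and treat a "lookalike" verdict as a reason to verify the request out of band rather than as proof of fraud.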

Another way is to gain access to someone's internal Email account (for example a budget holder's) and make requests etc. while pretending to be that individual. Usually this is the result of a weak password. Once in, the attacker intercepts Email between the budget holder and finance and again will seek ad-hoc transfers or advise that account details for payments have changed.

It is also possible to induce malicious software to be installed on individuals' PCs that either intercepts, and even alters, Email correspondence or presents individuals with web sites that appear identical to their usual banking web sites and uses these to capture or intercept access details or transactions.

It is important to bear in mind that the individuals who perform these kinds of attacks are often very skilled and will spend time studying communication and working patterns beforehand to minimise the risk of discovery until it is too late.

Consider also that they will be targeting any financial transaction you make, so whilst they might pose as a customer they could just as easily pose as an employee looking to change the bank details for their salary.

So how can you defend yourselves against such attacks?  Well, the following are a few suggestions on what can be done:

  1. Those who are responsible for making or authorising payments to suppliers should be given additional security awareness training with regular refreshers.
  2. Regular security checks of the computers of such finance/budget holders should be made.
  3. A limit placed on the number of computers that can be used to perform such transactions.
  4. A limit placed on the websites such computers can access.
  5. Ensure individuals use strong passwords that are changed regularly, and that any unusual activity on their accounts is monitored for and actively investigated.
  6. Create a suitable policy/procedure that is used to verify any changes to payment/account details for suppliers/customers and that these checks operate using a different method of communication (e.g. fax confirmation, telephone call, text message).
  7. When you know you will be conducting financial transactions with someone, get their bank details at a face to face meeting.
  8. Speak to your bank about options for requiring a second authoriser for transactions.
  9. Remove job titles from Email footers of those who undertake financial transactions.
  10. Remove from your website the details of those who undertake financial transactions.
  11. Finally, make sure you test the actions you put in place!

Want to know more and see how others have been affected?  Here are a few articles worth reading:

Tags: fraud, security
