THE TOP REASON SMALL BUSINESSES LOSE $BILLIONS FROM FRAUD EACH YEAR (and are too embarrassed to report it)
If cybercriminals can dupe $100 Million out of a tech giant, what makes you feel safe? In this post we will present an inexpensive control against the most common cyberattack.
The combination of my background in economics, auditing and an undergraduate cyber security course made me realize that it is possible to implement a control against forged invoices. It’s quite simple: make it costly to attack.
WHAT DOES AN ATTACK LOOK LIKE?
Imagine you are responsible for releasing funds according to invoice details. Suddenly a vendor asks why their payment is overdue. But you already paid it last week. How can this be?
You come to the chilling realization that you have become a victim of a Business E-mail Compromise.
Someone had broken into your vendor's email account without being noticed. Maybe he guessed the vendor's password? Depending on security controls, breaking into an email account is often low cost. Once inside, the attacker could easily forge an invoice and send it to you. Unfortunately, most funds are lost forever. Some companies are even forced to go out of business after an attack.
Alternatively, sending a fake invoice without breaking into the email is still possible. This is another attack vector with even lower cost (but might have a lower success rate).
The psychological pain of being duped isn’t fun; however, it’s the magnitude of the amounts on these invoices that could cause an honest and hardworking employee to have a tough time. Some need to see a psychiatrist.
JUST HOW BIG IS THE PROBLEM?
In 2018, the FBI reported on the increase in Business E-mail Compromise (BEC) and forged invoices. From 2013 to 2018, over 12 Billion Dollars were reported lost worldwide. 12 Billion USD is the equivalent of 32 brand new Boeing 747 jumbo jets, or 7% of all 747 jets in global operation.