You should be aware of a common type of attack known as a "Man in the Middle."
RubinBrown has recently been alerted to a sophisticated cyber fraud scheme perpetrated by a team of foreign fraudsters.
Customer and vendor are engaging in an email dialog regarding pricing and payment terms for an upcoming purchase. Unknown to these two parties, the fraudsters have penetrated vendor’s systems and are “listening” to this conversation.
At just the right moment, the fraudsters use a fake domain name (“vendor.co” and not the real domain name “vendor.com”) to insert themselves into this email string, “replying with history” to customer with new wire instructions. As customer is expecting the instructions from vendor, they promptly wire a large sum of money to the fraudsters.
Unfortunately, this scheme has been perpetrated several times, and hundreds of thousands of dollars have been lost.
The best way to protect against these types of attacks is to ensure the communication between the two parties is properly encrypted, preserving the integrity of the communication.
RubinBrown recommends considering the following additional action steps to help mitigate the risk of loss in this scenario:
- Ensure that any change in vendor name, address or payment instructions is independently verified and approved
- Ensure that your systems are secured and monitored
- Consider a third-party review of your system controls
- Consider penetration studies to learn where your systems are vulnerable to cyber attack
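The scheme described above depends on a sender domain that differs from the real one by a single character ("vendor.co" versus "vendor.com"). As an added example (not RubinBrown's own code), this Python check flags inbound messages whose From: domain is close to, but not the same as, a known vendor domain so they can be held for independent verification. The allow-list, the distance threshold of 2 and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains your organization already trades with (constructed sample).
KNOWN_VENDOR_DOMAINS = {"vendor.com"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(raw_message: str) -> str:
    """Return the lower-cased domain of the From: header address."""
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()

def lookalike_of(domain: str, known=KNOWN_VENDOR_DOMAINS, max_distance: int = 2):
    """Return the known domain that `domain` imitates, or None.
    An exact match is legitimate; a near miss is the suspicious case."""
    if not domain or domain in known:
        return None
    for good in sorted(known):
        if edit_distance(domain, good) <= max_distance:
            return good
    return None

def needs_callback(raw_message: str) -> bool:
    """True when the message should be held for independent verification."""
    return lookalike_of(sender_domain(raw_message)) is not None

# Constructed sample messages (not real traffic).
LEGIT = "From: Pat <pat@vendor.com>\nSubject: RE: Pricing and payment terms\n\nTerms attached.\n"
SPOOF = "From: Pat <pat@vendor.co>\nSubject: RE: Pricing and payment terms\n\nPlease use the new wire instructions.\n"
UNRELATED = "From: News <newsletter@example.org>\nSubject: Weekly update\n\nHello.\n"

if __name__ == "__main__":
    for label, raw in (("legit", LEGIT), ("spoof", SPOOF), ("unrelated", UNRELATED)):
        dom = sender_domain(raw)
        print(f"{label:10} from={dom:12} imitates={lookalike_of(dom)} hold={needs_callback(raw)}")
```

A flag from this check is a reason to verify through a contact channel already on file, not through the details in the message itself.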