
Privacy Ninja

Investors Are The Next Target Of Large-scale Cyberattacks

Business email compromise (BEC) scammers are using a new type of attack targeting investors that could yield payouts seven times greater than average.

When an investor buys into a firm’s investment fund, such as a private equity or real estate fund, the firm may ask the investor to hold onto the money until the firm requests it. This agreement lets the investor keep the money in a more favorable investment to earn interest rather than leaving it idle in the investment fund, and the fund can call on the investment when needed.

When an investment fund is ready to use the investor’s money, it issues a ‘capital call’ notice, a formal request for the investor to send the agreed-upon money.

BEC scammers target Wall Street

According to a new report by email cybersecurity company Agari, BEC scammers have started to target investors with fake ‘capital call’ notices that carry a much larger payout than a standard BEC scam.

In the ‘2021 Email Fraud & Identity Deception Trends’ report released today, Agari states that the average targeted payout in a wire transfer BEC scam is $72,000. In these scams, the attackers impersonate a vendor and ask the victim to send payments to a bank account under the attackers' control.

With fake capital call notices having an average targeted payout of $809,000, seven times the usual wire transfer scam, attackers are beginning to utilize them in the hopes of a much larger payout.

“In emails to targets, BEC actors masquerade as a firm requesting funds to be transferred in accordance to an investment commitment. Because of the nature of such transactions, the payments requested are significantly higher than those sought in most wire transfer scams. The average payout targeted in capital call schemes: $809,000,” Agari explains in their report.

According to Agari, the attacks are initiated by threat actors emailing known investors’ accounts payable specialists with capital call notices requesting payment for fictitious investments. 

“Based on what we’ve seen, threat actors aren’t using any insider knowledge in their attacks requesting capital call payments. Rather, the attacks are requesting payments for fictitious investments, similar to what we’ve seen for years where BEC actors request payments to fictitious vendors,” Crane Hassold, Agari’s Sr. Director of Threat Research, told BleepingComputer.

Figure: BEC email with fake capital call notice (Source: Agari)

Hassold explained that the attacks seen by Agari are sent from email services, most commonly the centrum.cz webmail provider based out of the Czech Republic.

Attached to these emails is a document impersonating a capital call notice and demanding payment for the fake investment.

Figure: Fake capital call demand used in BEC scam (Source: Agari)

If they are able to convince the target to transfer the money, the attackers quickly move it to other accounts under their control and use money mules to withdraw it so that the bank cannot return it to the victim.

While wire transfer scams are here to stay, by performing different attacks based upon a particular victim, the threat actors stand to make a much larger payout.

To defend against such attacks, both the investment firms and investors must utilize strong email security.

Agari has told BleepingComputer in the past that “a multi-layered approach to email security is essential, which includes implementing strong anti-phishing email and email authentication protections that specialize in defending against advanced identity deception attacks and brand spoofing.”

Agari also recommends that all companies institute a formal process for handling outgoing payment requests, especially if the payment information has changed since the original agreement. Ultimately, the best way to avoid sending money to a threat actor is to always confirm the request and banking information through a phone call directly to the investment firm.

Never use the contact information in the emails you receive; instead, call the firm directly using previously known contact info.
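The payment-handling process described above can be sketched as a triage function for an accounts payable mailbox. This is an added example, not code from Agari or from the original article; the fund names, domains, account numbers, phone number, the webmail list beyond centrum.cz, and the assumption that `Authentication-Results` is stamped by your own mail gateway are all hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed record of the investor's real commitments (all values hypothetical).
COMMITMENTS = {
    "Example Growth Fund II": {
        "sender_domains": {"examplecapital.example"},
        "account": "GB00EXAM0001",
        "callback_phone": "+1-555-0100",  # from the signed agreement, never from an email
    },
}
# centrum.cz is the provider named in the article; the others are assumed additions.
FREE_WEBMAIL = {"centrum.cz", "gmail.com", "outlook.com"}

def triage_capital_call(raw_email, fund_name, requested_account):
    """Return a decision, the reasons for it, and the on-record callback number."""
    msg = message_from_string(raw_email)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Assumes Authentication-Results was added by our own mail gateway.
    auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
    record = COMMITMENTS.get(fund_name)
    reasons = []
    if domain in FREE_WEBMAIL:
        reasons.append("free webmail sender")
    if "dmarc=pass" not in auth:
        reasons.append("no DMARC pass")
    if record is None:
        # Request for an investment that was never made: nothing to confirm.
        reasons.append("no commitment on record")
        return {"decision": "reject", "reasons": reasons, "callback_phone": None}
    if domain not in record["sender_domains"]:
        reasons.append("sender domain not on record")
    if requested_account.replace(" ", "").upper() != record["account"]:
        reasons.append("account differs from original agreement")
    # Even a clean request is confirmed by phone before any money moves.
    decision = "hold" if reasons else "callback_then_pay"
    return {"decision": decision, "reasons": reasons,
            "callback_phone": record["callback_phone"]}

# Constructed sample messages (not taken from the Agari report).
FAKE = ("From: Fund Admin <capitalcalls@centrum.cz>\n"
        "Subject: Capital Call Notice\n"
        "Authentication-Results: mx.investor.example; dmarc=pass\n\n"
        "Please remit your commitment per the attached notice.\n")
CHANGED = ("From: Ops <ops@examplecapital.example>\n"
           "Subject: Capital Call Notice\n"
           "Authentication-Results: mx.investor.example; dmarc=pass\n\n"
           "Please note our updated banking details.\n")

if __name__ == "__main__":
    print(triage_capital_call(FAKE, "Example Real Estate Fund IV", "CZ00FAKE0001"))
    print(triage_capital_call(CHANGED, "Example Growth Fund II", "GB00 EXAM 0099"))
```

The constructed `FAKE` message carries `dmarc=pass` because mail sent through a webmail provider authenticates as that provider's domain, so the check against the commitment record, not authentication alone, is what rejects it.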

For more information about BEC scammers’ other methods to steal corporate money, you can read Agari’s report released today.
