Impersonation fraud impacted nearly half-a-million UK SMEs since 2017
7 September 2018
In December last year, Christine Campbell, who managed one of the accounts of Australian millionaire John Kahlbetzer, received an e-mail from him asking her to transfer $1 million from his account to one David Aldridge, a British citizen. Kahlbetzer was on Forbes' list of Australia's 50 richest people and boasted a net worth of $950 million.
Campbell, who regularly received such e-mails from Kahlbetzer, complied. However, it later turned out that the sender of the e-mail wasn't Kahlbetzer himself but an impersonator who made the e-mail look like it came from him.
According to Bloomberg, the e-mail address used by the impersonator was 'one character different' from Kahlbetzer's own e-mail address but it was made to appear exactly like his e-mail address on the screen. After the funds were deposited in his account, Aldridge transferred $82,600 to one of his bank accounts and transferred the rest of the money to accounts located in the UK, Nigeria, the United States, Hong Kong, the U.A.E., and Ghana.
The incident was just an example of how easy it is for scamsters to steal money from vulnerable netizens by impersonating people and using identical e-mail addresses to get funds transferred to their own accounts.
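A mail filter can catch this kind of "one character different" sender automatically. The sketch below is an added example, not code from the article or from any party it mentions. It compares the real address in a From header against a list of trusted contacts, and goes slightly beyond the single-character case by also collapsing look-alike characters. The addresses and the small confusables map are constructed for illustration.

```python
import unicodedata
from email.utils import parseaddr

# Constructed, deliberately small confusables map. Assumption: a production
# filter would use the full Unicode confusables data instead.
CONFUSABLES = str.maketrans({
    "0": "o", "1": "l",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",  # Cyrillic a, e, o
})

def skeleton(addr):
    """Collapse characters that render alike into one canonical form."""
    s = unicodedata.normalize("NFKC", addr).replace("I", "l").lower()
    return s.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")

def within_one_edit(a, b):
    """True if a and b differ by at most one insert, delete or substitute."""
    if abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]
    return a[i:] == b[i + 1:]

def classify(address, trusted):
    """Return (verdict, matched trusted address or None) for one sender."""
    addr = address.strip()
    known = sorted(t.lower() for t in trusted)
    if addr.lower() in known:
        return ("trusted", addr.lower())
    for t in known:
        if skeleton(addr) == skeleton(t):
            return ("homoglyph", t)
    for t in known:
        if within_one_edit(addr.lower(), t):
            return ("near-match", t)
    return ("unknown", None)

def classify_from_header(from_header, trusted):
    """Judge the real address in a From header, ignoring the display name."""
    return classify(parseaddr(from_header)[1], trusted)

# Constructed sample data (example.com is a reserved documentation domain).
TRUSTED = ["j.smith@example.com"]
if __name__ == "__main__":
    for hdr in ['"J Smith" <j.smith@example.com>', '"J Smith" <j.srnith@example.com>',
                '"J Smith" <j.smyth@example.com>', "billing@vendor.example"]:
        print(hdr, "->", classify_from_header(hdr, TRUSTED))
```

A "homoglyph" or "near-match" verdict on a message that requests a payment is a reason to confirm the request through a separate channel before acting on it.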
Impersonation fraud rose by 58 percent since 2017
A recent survey of around 1,500 SME workers by Lloyds Bank and Get Safe Online highlighted how effective cyber criminals have been in duping employees at small and medium enterprises into sharing corporate secrets or transferring money to their accounts by impersonating top company executives.
According to Lloyds Bank, the number of reported impersonation fraud cases rose by 58 percent since 2017, costing UK-based SMEs an average of £27,000 and impacting nearly half a million of them. In terms of industries, law firms bore the brunt of impersonation fraud scams, suffering 19 percent of all attacks, followed by HR professionals, IT workers and finance companies.
In the survey carried out by Lloyds and Get Safe Online, while over half of SME workers said they received fraudulent emails from people impersonating their company CEOs, 52 percent also said they received fraudulent emails and invoices from people posing as their suppliers.
Impersonation fraud has also left a mark on employees who were duped by scamsters. While one in twenty victims said they hid their mistake from their teams as they were ashamed, 15 percent felt angry, and 8 percent said they could not trust their co-workers anymore.
"The rise of impersonation fraud is a very concerning issue for small and medium-sized businesses. We know that falling victim to these types of scams can be serious as the impact extends beyond just the financial implications. This is why we’ve teamed up with Get Safe Online - to help educate business owners and employees on how to recognise these scams and take the right precautions to protect themselves," said Gareth Oakley, managing director of business banking at Lloyds Bank.
Employee training a must
Steven Malone, Director of Security Product Management at Mimecast, said that many small and medium enterprises naively believe they’re too small to be targeted by cyber criminals, and this is a major reason why email impersonation fraud and ransomware attacks are now the easiest way for criminals to get their hands on valuable data and money.
"Our Email Security Risk Assessment showed just how many of these malicious emails are appearing in business inboxes. In the last quarter alone, there has been an 80% increase in impersonation or business email compromise – or BEC – attacks. With the number of victims ever growing, it is time for SMEs to realise that their size is irrelevant to hackers, and a breach can have a great impact on their business.
"Hackers rely on human error here, so training employees to recognise the fraudsters is the first part of the puzzle. To combat these threats, organisations must adopt a cyber-resilience strategy that tackles all organisational weak links from the bottom up. This means adopting a layered security approach, including dedicated protection from impersonation attacks and secured email systems, along with proactive measures such as simulations and employee awareness training," he added.