Digital Advisory Services

Vigilance Helps Defend Cyber Attacks

Posted on February 5, 2019 by Dave Van Damme

Situations You’ll Want to Avoid

You have undoubtedly heard it before: when it comes to opening emails, clicking links, and browsing, “Be vigilant.” But why? In short, because not only are cyber security breaches in the news on the rise, but they are already happening at our clients. Check out the following story:

Client Situation #1

Brother #1 manages Company A – US, a foreign-owned subsidiary and our direct client. Brother #2 manages a smaller subsidiary, Company B – Foreign, from the parent company located in Europe. Brother #1 and Brother #2 own the parent company.

The vice president and controller of Company A – US, let’s call her “Betty,” will correspond via email and phone calls with Brother #2 about global operations and other matters.   Brother #2 loves dogs and regularly talks with Betty about his beloved pet.

One day Betty gets a phone call from Brother #2, who explains and asks: “We are cash tight right now and behind on paying one of our major vendors.  Is it possible for you to pay a few invoices on our behalf, and we’ll reimburse you as soon as we can access funds from our lender?”  The real kicker that follows is: “By the way, did you get that photo I emailed of my dog?”

Betty’s immediately thinking that everything sounds logical — after all, it was a phone call and reference was made to topics regularly discussed. Furthermore, Betty has been requested to do this very thing for Brother #2 in the past.  Nonetheless, Betty fills in Brother #1, who further confirms and says “sounds reasonable.”

Brother #2 emails Betty the related invoices.  These are smaller amounts, less than $50,000 in total.  The funds are sent.  A couple of days later money is actually received back!

A few days further out, another request is made, this time for invoices in excess of approximately $300,000.  Again, money sent.  But this time, well…nothing.

As a few more days go by, Betty casually mentions to Brother #1 that Brother #2 seems to be much slower at repaying these last larger invoices.  For whatever reason, this causes immediate concern to Brother #1 who asks to see the email string relating to everything.

What’s immediately noticed?  The spelling of Brother #2’s name is off, ever so slightly.

Together, they call Brother #2. As it turns out, none of it is real, not even the phone call. The hackers, in this case, were sophisticated enough to not only hack the email server but also tap into the phone system, where they could see and listen to everything. As a result, they were able to place a call to Betty while impersonating the voice of Brother #2! That’s just Client Situation #1.

Client Situation #2

Client Situation #2 involved the complete lockdown and encryption of servers for almost a month until the equivalent of 30 bitcoin was paid, at a point in time when they were going for $7,000 a pop. In addition, significant additional costs were paid to professionals to help get the systems back online and to replace equipment.

Client Situation #3

Client Situation #3 involved the payment of close to $500,000 in response to what the client thought was a request from their CFO.

So again, what does this have to do with you, or being “vigilant?”

While you may not be the one who wires money from your organization’s pocketbook under false pretenses, in all client situations, someone in the organization clicked or opened something which allowed hackers access to the overall corporate server, which in turn allowed the hacker to find the “right” person.  Quite often it is the person with access to the bank accounts.

Said differently, the ultimate “click” that led down a long road to Betty wiring $300,000 off to hackers did not have to start at her computer. It may have started with Joe on the shop floor. Or Sam from engineering. Or anybody. The key is that whoever did it, while [hopefully] not on purpose, gave the hackers a chance to get into the company, and from there, they waited and watched until they found the right opportunity with Betty.

Everyone plays a role in helping prevent this from happening

  1. If you’re not expecting it, don’t open it.
  2. Hover over links before clicking them. Does the site look legitimate?
  3. Be safe rather than sorry. If somebody sends something that was legitimate, but you weren’t expecting it: call them!  Or, delete the email.  If it was important, they’ll follow-up again.
  4. When in doubt, ask for help.

 

Dave Van Damme

Shareholder

Dave leads the advisory & assurance practice and is well known inside and outside the firm for being both engaged & positive.
