A Gloucestershire based communications specialist are warning businesses about the dangers of online ‘spoofing.’
Lister Unified Communications have been made aware of what has been called a “man-in-the-middle” attack after being approached by a county company that had encountered a problem.
‘Spoofing’ occurs when an e-mail account has been compromised and the hackers sit and monitor an account, waiting for a large order or transaction to be placed.
The hackers then intercept e-mails, change bank details and pocket large sums of money with neither the buyer or seller not realising what has happened.
Lister were approached by a county compatriot last week who had become concerned they had been hacked after a £10,000 invoice payment was not received.
And Rob Lister, managing director at Lister Unified Communications, said that their investigation had shown the company had been ‘spoofed’.
The company had sent an invoice for over £10,000 to a new customer for the sale of a vehicle, as they normally would, but never received the funds,” he said.
“Their customer confirmed payment including a screenshot from their bank account showing that the invoice was paid in full.
“All indications were that the email had been intercepted and the information had been changed.
“A short investigation showed that the compromise was not through our or our client’s network, nevertheless the damage had been done. “
Further investigation showed the staggering speed at which the hackers had gained access to the e-mail, switched over the details and waited for the money to arrive.
Rob Lister said that the case highlighted just how vital it is for companies to beef up their protection against all forms of cyber fraud.
“Working with both parties our suspicions were confirmed,” he added.
“We found that 23 minutes after the invoice was sent, the customer received a modified email and our client received a strange reply from an unknown address.
“That was hosted by “protonmail.cn” masking their identity as the original sender but contained a word document that was edited to look exactly like the PDF invoice that was originally sent.
“The crucial thing was that there had been a change to the change to the bank details, along with the senders name, signature and even the disclaimer.”
“It was a timely reminder for us all to be vigilant and ensure our cyber security is always up to date.”
Lister Unified Communications can help ensure your business is secure from ‘spoofing’ and other types of cyber-fraud.