Managing a cyber attack
The secretary of an ANZ customer received an email that appeared to come from a well-known file-sharing service, requesting that they log in to their Office 365 account.
This was a sophisticated attack and involved a number of techniques to defraud the ANZ customer, including malicious phishing emails and credential theft through a fraudulent log-in page.
The email directed users to what appeared to be a legitimate login page. This wasn’t an uncommon request given the organisation's use of this software to share files. The secretary entered their business login credentials.
Because the two had shared access, both the secretary’s email account and their manager's account were compromised. The attacker then created mail rules to hide legitimate correspondence from one of the company's clients.
The attacker monitored the mailbox activity. When the secretary was sent a legitimate email from their manager requesting they call a client to confirm bank details, the attacker sent another email pretending to be the manager, claiming they had received the bank details during a separate conversation and requesting payment. Consequently, a large sum of money was transferred to the fraudulent account details provided by the attacker.
The ANZ customer notified their banker as soon as they became aware of the incident and the banker was able to call the receiving bank and report the account as fraudulent. Thanks to quick reporting and response, ANZ was able to retrieve the majority of the transferred funds through the intermediary bank, which were then returned to the customer.
Although a good outcome was achieved in this instance, money lost to scams is not always retrievable. In this case, the speed of the response helped the recovery efforts.
This customer had been targeted by phishing emails previously and was wary of cyber security threats; however, they didn’t expect something so sophisticated and tailored. This experience served as a stark reminder that nothing should be taken at face value and every communication should go through rigorous validation.
How to protect yourself
It’s important to check the legitimacy of emails before clicking on links or attachments, particularly before sharing sensitive information like login details. Providing regular training to employees can help increase awareness. There are free resources available for organisations to use on the ACSC website.
Everyone – both businesses and individuals – should enable multi-factor authentication (MFA) where available to protect access to systems such as Office 365. Refer to the Small Business Cyber Security Guide for more information.
Don’t forget to act fast and get help as soon as a cyber incident is suspected. Contact your bank straight away if there is monetary involvement.
After an incident, conduct a full investigation to assess the impact of the attack and apply lessons learned, such as checking the mailbox rules of all employees for signs of modification post-attack.
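One way to carry out the mailbox rule check described above, as an added example that is not part of the original article. It assumes the rules of every mailbox have been exported to a list of records whose field names follow Exchange Online's Get-InboxRule output; the folder list, keyword list and sample rules are constructed, and the external-forwarding check goes beyond the rule type seen in this case.

```python
# Added example: triage exported inbox rules for the "hide correspondence" pattern.
# Export shape, folder list, keyword list and sample data are constructed assumptions.
QUIET_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history",
                 "junk email", "deleted items", "archive"}
PAYMENT_WORDS = ("invoice", "payment", "bank", "remittance")
WORD_FIELDS = ("SubjectContainsWords", "BodyContainsWords", "SubjectOrBodyContainsWords")
FORWARD_FIELDS = ("ForwardTo", "RedirectTo", "ForwardAsAttachmentTo")

def _as_list(value):
    return [] if value is None else (value if isinstance(value, list) else [value])

def review_rule(rule, internal_domains):
    """Return the reasons a rule needs manual review (empty list if none)."""
    reasons, hides = [], []
    if rule.get("DeleteMessage"):
        hides.append("deletes")
    # Keep only the last path component, e.g. "Inbox\\RSS Feeds" -> "rss feeds".
    folder = (rule.get("MoveToFolder") or "").replace("/", "\\").split("\\")[-1].strip().lower()
    if folder in QUIET_FOLDERS:
        hides.append(f"moves to '{folder}'")
    if hides and rule.get("MarkAsRead"):
        hides.append("marks as read")
    senders = _as_list(rule.get("From"))
    words = [w for f in WORD_FIELDS for w in _as_list(rule.get(f))
             if any(p in w.lower() for p in PAYMENT_WORDS)]
    # Hiding mail from a named sender or about payments is the pattern in this case.
    if hides and (senders or words):
        reasons.append(f"{', '.join(hides)} for {senders + words}")
    for f in FORWARD_FIELDS:
        for addr in _as_list(rule.get(f)):
            domain = addr.rsplit("@", 1)[-1].strip('>" ').lower()
            if "@" in addr and domain not in internal_domains:
                reasons.append(f"{f} sends copies to external {addr}")
    return reasons

def audit(rules, internal_domains):
    """Map (mailbox, rule name) -> reasons, for every rule that was flagged."""
    return {(r.get("MailboxOwnerId"), r.get("Name")): why
            for r in rules if (why := review_rule(r, internal_domains))}

SAMPLE_RULES = [  # constructed data, not taken from the incident
    {"MailboxOwnerId": "secretary", "Name": ".", "From": ["accounts@client.example"],
     "MoveToFolder": "RSS Feeds", "MarkAsRead": True},
    {"MailboxOwnerId": "manager", "Name": "..", "SubjectContainsWords": ["Bank details"],
     "DeleteMessage": True},
    {"MailboxOwnerId": "manager", "Name": "News", "From": ["news@vendor.example"],
     "MoveToFolder": "Newsletters"},
    {"MailboxOwnerId": "secretary", "Name": "fwd", "RedirectTo": ["drop@mailbox.example"]},
]
```

Calling `audit(SAMPLE_RULES, {"company.example"})` flags three of the four sample rules and leaves the ordinary newsletter filing rule alone; flagged rules are leads for a person to review, not proof of compromise.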