Cybersecurity and Authentication
Authentication became much more difficult
By Charles Parker, II
We all understand the issues phishing has caused over the last few years. There have been countless compromises targeting email systems and pivoting off these into other areas. When we thought, this was starting to get controlled at some level, there’s a new wrinkle.
A finance worker of a multi-national firm attended a video conference call, just as so many of us do every day. With this conference call, the finance worker was directed by the Hong Kong company’s “Chief Financial Officer” to pay $25M. There were other “staff” in the call also. The message prior to the meeting was a bit suspicious as it asked for the meeting to discuss a secret transaction.
Since other staff, who the finance worker recognized, were in the meeting, it seemed legitimate. The $25M USD or $200M Hong Kong dollars were transferred. Well, not everything was as it seemed. The CFO and other staff in the meeting were actually deep fakes. On the bright side, the police had arrested six others with scams much like this.
Technology will find a way around the defenses and detection tools we put in place. We’ll improve the defenses and tools only for the cycle to continue. In these instances where the transaction may not quite feel right, the suspicious mind should overrule natural tendency of “It should be fine.” Our staff training needs to be updated regularly to keep us with the new technology and attacks. Granted, this nuance is difficult to filter, but the human factor is there to apply common sense.
About the Author-
Charles Parker II has been working in the info sec field for over a decade, in the banking, medical, automotive, and staffing industries. Charles has matriculated and attained the MBA, MSA, JD, LLM, and is in the final stage of the PhD in Information Assurance and Security (ABD) from Capella University. Mr. Parker’s areas of interest include cryptography, AV, and SCADA.
Comments