Waterloo Brewing Loses USD 2.1 Million in Social Engineering Cyberattack

by chebbi abir

Waterloo Brewery Ltd. says it has lost $2.1 million in what the company has described as a “social engineering cyberattack,” in which the firm was convinced to send money to a fake third-party bank account controlled by scammers.

Waterloo Brewery said on Thursday that in the sophisticated social engineering attack, which took place in November, a scammer successfully impersonated an actual employee of a creditor and personally asked the company to make several bank wire transfers.

In a news release, the company said it is working with its auditors and the bank to ensure that appropriate measures are taken to mitigate any future occurrence of similar cyberattacks. The Brewery said it believes that its financial computer systems were not affected or breached and that no personal information of its customers is at risk.

The company said it is still working vigorously to retrieve the funds and has contacted the relevant authorities, but there is no guarantee that the cash will be recovered. This is only the newest in a series of electronic scams in which fraudsters impersonate actual workers to seek money transfers.

Upon finding out about the social engineering scheme, Waterloo Brewery began investigating all other financial operations on all its bank accounts and updating its internal systems and safeguards, including its computer networks, so that similar attacks can be avoided.


Social engineering cyberattacks are conducted in various ways and can be carried out wherever human interaction takes place. The following are the five most common forms of digital social engineering attack.


As its name implies, a baiting attack uses a false promise to pique a target's greed or curiosity. Attackers lure users into a trap to steal their personal data or to infect their machines, likely with ransomware.

The most reviled form of baiting uses physical media to spread malware. For example, attackers leave the bait, usually malware-infected flash drives, in prominent locations where potential victims will see it (e.g. bathrooms, lifts, the parking lot of a targeted company). The bait has an authentic look, such as a label presenting it as the organization's payroll list.

Baiting scams do not necessarily need to be performed in the physical world. Online forms of baiting consist of ads that lead to malicious websites or encourage users to download a malware-infected application.


Scareware frightens victims with false alarms and fictitious threats. Users are led to believe that their system is infected with malware, prompting them to install software that has no real benefit (other than for the perpetrator) or is malware itself. Scareware is also known as deception software, rogue scanner software and fraudware.


In pretexting, an attacker obtains information through a series of cleverly crafted lies. The scam is often initiated by a perpetrator who claims to need sensitive information from a victim in order to carry out a critical task.

The attacker generally starts by establishing trust with the victim, impersonating colleagues, the police, bank and tax officials, or anyone else who has a right to know. The pretexter asks questions that are ostensibly needed to confirm the victim's identity, and through them collects important personal data.


Phishing scams are among the most popular types of social engineering attack. They are email and text message campaigns designed to make victims feel urgency, curiosity or fear, and so push them into revealing sensitive information, clicking links to malicious websites or opening attachments that contain malware.

An example is an email sent to users of an online service informing them of a policy violation that requires immediate action, such as a required password change.


Spear phishing is a targeted version of the phishing scam in which an attacker selects particular individuals or companies. They then tailor their messages to their victims' characteristics, job positions and contacts to make the attack less conspicuous. Spear phishing needs a lot more effort on behalf of the perpetrator and may take weeks or months to carry out. If done skillfully, these attacks are much harder to detect and have better success rates.

A spear phishing scenario could involve an attacker who impersonates an organization's IT consultant and sends an email to one or more employees. It is worded and signed exactly as the consultant normally does, thereby misleading recipients into thinking it is an authentic message. The message prompts recipients to change their password and provides a link to a malicious page where the attacker captures their credentials.


Social engineers manipulate human feelings, such as curiosity and fear, to carry out their schemes and trap victims. Therefore, be wary whenever you feel alarmed by an e-mail, attracted to an offer displayed on a website, or come across stray digital media lying about. Being alert can help you protect yourself against most social engineering attacks in the digital world.

In addition, the following tips can help improve your vigilance against social engineering hacks.


You don’t have to answer an e-mail if you don’t know the sender. Even if you do know them and are suspicious of their message, check and confirm the news through other sources, for instance by telephone or directly via the service provider's website. Note that email addresses are spoofed all the time; even an email supposedly coming from a trustworthy source might actually have been initiated by an attacker.
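As an added illustration (not part of the original article), the sketch below shows how the headers of a payment-request email can be checked for signs that the visible sender is spoofed. The message, the domains and the `sender_warnings` helper are constructed for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not taken from a real incident).
SAMPLE = """\
From: "Accounts Receivable" <billing@supplier.example>
Reply-To: billing@supplier-payments.example
To: ap@brewery.example
Subject: Updated wire instructions
Authentication-Results: mx.brewery.example; spf=fail smtp.mailfrom=mailer.example; dkim=none; dmarc=fail header.from=supplier.example

Please use the new account for this week's transfers.
"""

def domain(addr_header):
    """Return the lower-cased domain of an address header, or ''."""
    _, addr = parseaddr(addr_header or "")
    return addr.rpartition("@")[2].lower()

def sender_warnings(raw):
    """List reasons the visible sender of a message should not be trusted."""
    msg = message_from_string(raw)
    warnings = []

    # Replies silently going to a different domain than the visible sender.
    from_dom = domain(msg["From"])
    reply_dom = domain(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        warnings.append(f"reply-to domain {reply_dom} differs from {from_dom}")

    # SPF/DKIM/DMARC verdicts recorded by the receiving mail server.
    # Only a header stamped by your own server is meaningful; copies that
    # arrive with the message can be forged by the sender.
    results = " ".join(msg.get_all("Authentication-Results", []))
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", results)
        verdict = m.group(1).lower() if m else "missing"
        if verdict != "pass":
            warnings.append(f"{mech}={verdict}")
    return warnings

if __name__ == "__main__":
    for reason in sender_warnings(SAMPLE):
        print("WARNING:", reason)
```

An empty result does not prove a request is genuine, since a lookalike domain or a compromised mailbox passes these checks, so confirming payment changes by telephone still applies.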


User credentials are among the most valuable pieces of information attackers look for. Using multi-factor authentication helps ensure your account's protection in the event of a system compromise. Imperva Login Protect is an easy-to-deploy 2FA solution that can increase account security for your applications.


Think twice before accepting an offer at face value, especially if it sounds too enticing. Googling the topic can quickly help you determine whether you are dealing with a legitimate offer or a trap.
