4 Ways to Defend Against Pretexting & Phishing Scams

Share and earn Cybytes
Facebook Twitter LinkedIn Email


As much as Insider Threat involves malicious employees trying to steal data, trade secrets and other information, many forget that the Insider Threat is also comprised of employees who make simple mistakes; mistakes that can cost your company millions of dollars. These mistakes include responding to Phishing Emails and Pretexting Emails. For context, a Phishing Email (also referred to as SpearPhishing) tries to get an employee to click on an attachment, which generally has some type of malware attached. In a Pretexting Email (a form of social engineering in which an individual lies to obtain privileged data) the criminal is primarily purporting to be someone they are not, usually within the victim organization (e.g., the CFO who instructs the victim to approve a fraudulent Automated Clearing House (ACH) transfer). [Source: 2016 Verizon Data Breach Investigation Report].

Aside from the fact that this email appears to be real, the pretexting message works because it carries with it a sense of urgency. It asks the Finance Department to transfer money immediately to a third-party, perhaps outside of the normal chain of events and approvals that lead to a wire transfer. The Finance employee, in a panic, fails to properly assess the potential threat, and begins the paperwork for the transfer. The employee then sends details of the transaction to the C-Level Manager for approval by responding to the false email. The third-party (the criminal acting as the C-Level Manager) will, of course, approve the transaction. Soon, the money is transferred – perhaps to a bank account in Switzerland or the Cayman Islands – never to be seen again.

The worst part? It can take weeks, or months, for a company to even notice the breach!

Just a few weeks ago, an employee at a Troy, Michigan investment firm was tricked via a Pretexting Email into transferring almost $500,000 to a bank in Hong Kong. According to The Detroit News, a Pomeroy Investment Corp. filed a report on April 18th which stated that a member of their staff had sent $495,000 overseas to China after receiving an email request purportedly from a company executive. The error was noticed eight days after it took place

So how do you prevent Pretexting Email or Spearfishing attacks?

  • Filter emails. This way, a person will never even have a chance to interact with a suspicious email borne threat.
  • Provide Awareness. Awareness training is really going to be key for your employees. Whether it is an all-hands-on-deck finance meeting, or a high-priority reminder email, your business is at risk if your employees are not given the information or the risk assessment tools to help them look out for these types of scams.
  • Establish a Policy to Handle Suspected Pretexters. What happens when you catch a Pretexter? Develop a policy on how to handle the situation: Should the employee notify the policy or your internal security department?
  • Get an Insider Threat Management solution (like ObserveIT) that will provide pop-ups when a Finance employee decides to transfer money — especially when it’s outside of your company’s typical protocol. It can be as simple as a reminder that says “Did you seek voice verification for this transaction?” Or even a notice that the employee’s actions are being recorded. This way, your Finance Department employee has a final chance to make the phone call that can save your company hundreds of thousands of dollars.


Share this post and earn Cybytes
Facebook Twitter LinkedIn Email
About ObserveIT
ObserveIT is a user monitoring and investigation solution that identifies and eliminates insider threats. It continuously monitors user behavior and alerts IT and Security teams about activities that put their organizations at risk. ObserveIT provides comprehensive visibility into what all users are doing, while meeting compliance standards and reducing investigation time from days or hours to minutes.
Promoted Content
[report] 2018 Cost of Insider Threats: Global Organizations
According to The Ponemon Institute’s report, “2018 Cost of Insider Threats: Global Organizations,” the average cost of an insider threat annually is $8.76 million. It’s critical for organizations to understand the main causes of insider threats, because detecting insiders in a timely manner could save millions of dollars. Depending on the industry and size of company, the cost of an insider threat varies dramatically. Check out the full report to see The Ponemon Institute’s findings, and understand how to detect and prevent insider threats in the future.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?