Not so friendly ghosts: Email ghosting represents threat to organizations
Managers and supervisors expect that employees will follow instructions. This is such a central part of the employment relationship that it goes without saying. However, employees’ instinctual execution of instructions from supervisors can also jeopardize an organization.
This blog has previously covered cybersecurity threats faced by businesses large and small. One particularly insidious threat comes from what is known as “email ghosting.” An email ghosting attack involves hackers setting up a phony email address that mimic the email address of an employee or manager at an organization. Hackers will then send fraudulent requests for information or money.
Krebs on Security recently reported an incident involving the company AFGlobal Corp. According to court filings, the director of AFGlobal’s accounting department received email from an individual claiming to be the CEO of the company:
This is a strictly confidential financial operation, to which takes priority over other tasks. Have you already been contacted by Steven Shapiro (attorney from KPMG)? This is very sensitive, so please only communicate with me through this email, in order for us not to infringe SEC regulations. Please do no speak with anyone by email or phone regarding this. Regards, Gean Stalcup.
Shortly after receiving this email the director of accounting received a phone call and email from someone purporting to be Mr. Shapiro requesting $480,000. The director of accounting wired the money to the provided bank account located in China.
In another example, Krebs reported on another company whose controller received an email purportedly from the company’s CEO requesting all employee W-2s. Employees at the company had recently completed training on identifying suspicious emails, so they were not fooled by the purported CEO’s request.
In even more sophisticated versions of this kind of attack, hackers will gain access to an organization’s internal email server in order to observe patterns of communication between employees and management. When a manager leaves for a scheduled vacation, the hackers can take advantage of the absence by sending emails to employees requesting sensitive information, or authorizing movement of funds to bank accounts overseas. These attacks depend on employees’ willingness to follow instructions, and weak internal controls to verify the authenticity of a request.
The FBI reported the following statistics from these email ghosting attacks for the period October 2013 through August 2015:
| Total U.S. Victims | 7,066 |
| Total U.S. Exposed Dollar Loss | $747,659,840.63 |
| Total Non-U.S. Victims | 1,113 |
| Total Non-U.S. Exposed Dollar Loss | $51,238,118.62 |
| Combined Victims | 8,179 |
| Combined Exposed Dollar Loss | $798,897,959.25 |
These statistics reflect the increasing volume and risk posed by email ghosting attacks. In many of these cases, stronger internal controls will help employees identify unusual requests. For example, many of these attacks can be defeated by requiring employees to talk to managers before performing certain tasks like transferring money. Organizations should consult with legal counsel about developing policies to identify and prevent these kinds of attacks.
The material in this blog is not intended, nor should it be construed or relied upon, as legal advice. Please consult with an attorney if specific legal information is needed.
Source: http://www.dickinsonlaw.com/2016/03/friendly-ghosts-email-ghosting-represents-threat-organizations/
Anyone can join.
Anyone can contribute.
Anyone can become informed about their world.
"United We Stand" Click Here To Create Your Personal Citizen Journalist Account Today, Be Sure To Invite Your Friends.
Humic & Fulvic Liquid Trace Mineral Complex
HerbAnomic’s Humic and Fulvic Liquid Trace Mineral Complex is a revolutionary New Humic and Fulvic Acid Complex designed to support your body at the cellular level. Our product has been thoroughly tested by an ISO/IEC Certified Lab for toxins and Heavy metals as well as for trace mineral content. We KNOW we have NO lead, arsenic, mercury, aluminum etc. in our Formula. This Humic & Fulvic Liquid Trace Mineral complex has high trace levels of naturally occurring Humic and Fulvic Acids as well as high trace levels of Zinc, Iron, Magnesium, Molybdenum, Potassium and more. There is a wide range of up to 70 trace minerals which occur naturally in our Complex at varying levels. We Choose to list the 8 substances which occur in higher trace levels on our supplement panel. We don’t claim a high number of minerals as other Humic and Fulvic Supplements do and leave you to guess which elements you’ll be getting. Order Your Humic Fulvic for Your Family by Clicking on this Link , or the Banner Below.
Our Formula is an exceptional value compared to other Humic Fulvic Minerals because...
It’s OXYGENATED
It Always Tests at 9.5+ pH
Preservative and Chemical Free
Allergen Free
Comes From a Pure, Unpolluted, Organic Source
Is an Excellent Source for Trace Minerals
Is From Whole, Prehisoric Plant Based Origin Material With Ionic Minerals and Constituents
Highly Conductive/Full of Extra Electrons
Is a Full Spectrum Complex
Our Humic and Fulvic Liquid Trace Mineral Complex has Minerals, Amino Acids, Poly Electrolytes, Phytochemicals, Polyphenols, Bioflavonoids and Trace Vitamins included with the Humic and Fulvic Acid. Our Source material is high in these constituents, where other manufacturers use inferior materials.
Try Our Humic and Fulvic Liquid Trace Mineral Complex today. Order Yours Today by Following This Link.
| Online: | |
| Visits: | 1,613,259,049 |
| Stories: | 8,179,261 |
Whistler Blowers, Insiders
