The “CEO fraud” risk rises: the contacts of 4 thousand Italian managers for sale on the dark web

The discovery by Yoroi's CERT: the leak concerns emails and telephone numbers of executives in the banking and insurance field, and it could give rise to a new wave of cyber attacks and fraud attempts in the coming weeks

22 Nov 2021 A. S.

The data of a significant number of managers, 3,887 to be exact, consisting of telephone contacts and e-mail addresses of executives of Italian companies in the banking and insurance sector, have ended up for sale on the dark web. The discovery was made by the CERT of Yoroi, a company specialized in cybersecurity, which raises the alarm that this new leak could give rise, in the coming weeks, to a series of new fraud attempts or cyberattacks based on social engineering. According to Yoroi's analysis, this could take the form of the so-called "CEO fraud", or executive scam, in which criminals, starting from the personal data in their possession, pose as managers in order to defraud their victims.

From these considerations comes the invitation issued by Yoroi's CERT to the staff of banks and insurance companies: be on the alert when faced with unexpected emails, carry out all the necessary checks before replying, and report suspicious messages and requests to internal security bodies.

According to the figures cited by Yoroi, whose source is information made public by the FBI, email scams caused damage to companies of 1.8 billion dollars in 2020 alone, and the phenomenon is still growing. These are figures that exceed those of ransomware in terms of economic damage. In Business Email Compromise (BEC) scams, the attacker impersonates a manager or employee of a company to trick the recipient of the email into acting on an unexpected request, such as transferring money to an account other than the usual one, relying on the authority of the supposed sender and the urgency of the action.

Yoroi warns against three types of scam. The first targets human resources: the attacker presents himself as an HR representative and solicits personally identifiable information, to be used later to extort money or to prepare a more complex attack. Then there is the accounting scam, in which the attacker impersonates a trusted supplier of the company using counterfeit emails, and then asks for an invoice to be paid to an account other than the one the supplier normally uses. Finally, there is the CEO scam, in which the attacker poses as a high-level executive of the target company and demands the transfer of funds to a bogus account that the criminal can access directly or through an intermediary.

"Generally these requests appear credible," Yoroi emphasizes, "as they are enriched with details relating to the recipient's role and knowledge of company dynamics, but they are characterized by arriving at the end of the working day or near the weekend, when employees are tired and in a hurry to close the week's business. In BEC scams, moreover, cybercriminals recommend that victims keep the communication received via email confidential, communicate only via email, and not ask for further explanations over the phone."

The recommendation is to pay attention to unusual and urgent requests written in imprecise Italian and coming from email addresses that are unknown or that look, at first sight, similar to the originals in order to deceive the victims, or that ask the recipient to reply to a different reply-to address.
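The warning signs listed in the article (a sender domain that looks like the real one, a reply-to address on a different domain, urgent and "confidential" payment requests, messages arriving at the end of the working day or just before the weekend) can be turned into a simple screening rule for a mail gateway or an analyst triage script. The following Python script is an added example, not Yoroi's code or any tool mentioned in the article; the trusted domain `example-bank.it`, the two sample messages, the keyword list and the thresholds are constructed for illustration and would be tuned to the organisation's own domains and language.

```python
"""Heuristic BEC indicator scoring over raw RFC 5322 messages (added example)."""
import email
import re
from email import policy
from email.utils import parseaddr, parsedate_to_datetime
from typing import List, Optional

# Constructed assumption: the organisation's legitimate sending domain(s).
TRUSTED_DOMAINS = {"example-bank.it"}

# Phrases matching the social-engineering levers the article describes:
# urgency, secrecy, "reply only by e-mail", payment to a new account.
PRESSURE_PATTERNS = [
    r"\burgent(?:ly)?\b", r"\bimmediately\b", r"\bconfidential\b",
    r"\bdo not (?:call|phone)\b", r"\bonly (?:by|via) e-?mail\b",
    r"\bnew (?:bank )?account\b", r"\biban\b", r"\bwire\b", r"\btransfer\b",
]


def _domain(addr: str) -> str:
    """Lower-cased domain part of an e-mail address ('' if none)."""
    return addr.rpartition("@")[2].lower()


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a small non-zero value marks a look-alike domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str) -> Optional[str]:
    """Return the trusted domain that `domain` imitates, or None."""
    for trusted in TRUSTED_DOMAINS:
        if domain != trusted and 0 < edit_distance(domain, trusted) <= 2:
            return trusted
    return None


def bec_indicators(raw: str) -> List[str]:
    """Return the list of BEC indicators triggered by one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    hits = []

    # 1. Sender domain is a look-alike of a trusted domain.
    _, from_addr = parseaddr(str(msg.get("From", "")))
    from_dom = _domain(from_addr)
    if lookalike_of(from_dom):
        hits.append("lookalike-sender-domain")

    # 2. Replies are steered to a different domain than the visible sender.
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    if reply_addr and _domain(reply_addr) != from_dom:
        hits.append("reply-to-mismatch")

    # 3. Urgency / secrecy / payment language in subject or plain-text body.
    body = msg.get_body(preferencelist=("plain",))
    text = (str(msg.get("Subject", "")) + "\n" + (body.get_content() if body else "")).lower()
    if sum(re.search(p, text) is not None for p in PRESSURE_PATTERNS) >= 2:
        hits.append("pressure-language")

    # 4. Sent late in the working day or on the weekend (sender's own time zone).
    date_hdr = msg.get("Date")
    if date_hdr:
        sent = parsedate_to_datetime(str(date_hdr))
        if sent.weekday() >= 5 or sent.hour >= 17:
            hits.append("off-hours-timing")

    return hits


def verdict(raw: str) -> str:
    """'suspicious' when two or more independent indicators fire, else 'ok'."""
    return "suspicious" if len(bec_indicators(raw)) >= 2 else "ok"


# Constructed sample messages (not real mail); 'exarnple' imitates 'example'.
SUSPICIOUS = """\
From: "Mario Rossi (CEO)" <m.rossi@exarnple-bank.it>
Reply-To: mario.rossi.ceo@mail-example.com
To: accounts@example-bank.it
Subject: Urgent and confidential wire transfer
Date: Fri, 19 Nov 2021 17:42:00 +0100
Content-Type: text/plain; charset="utf-8"

I need you to transfer the deposit to the new bank account below today.
Keep this confidential and reply only by e-mail, do not call me.
"""

LEGIT = """\
From: "Lucia Bianchi" <l.bianchi@example-bank.it>
To: accounts@example-bank.it
Subject: Q4 budget meeting agenda
Date: Tue, 16 Nov 2021 10:15:00 +0100
Content-Type: text/plain; charset="utf-8"

Attached is the agenda for Thursday's budget meeting. Let me know if you want items added.
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("legit", LEGIT)):
        print(label, verdict(raw), bec_indicators(raw))
```

Each indicator is weak on its own (plenty of genuine mail is sent on a Friday evening), which is why the verdict requires two to coincide; in practice the output would feed a quarantine or a banner telling the recipient to verify the request over a known phone number, which is exactly the out-of-band check the article recommends.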