In honor of October being National Cyber Security Awareness Month, we ask you to consider this scenario:
How Cyber-Criminals are Stealing Direct Deposit Information
Bob is in a hurry, running from meeting to meeting and one day he receives an email from his organization’s “PeopleSoft Admin” claiming his password is expiring. What does Bob do? Well, given he checks his paystubs every two weeks, he just adjusted his medical benefits, and made a revision to his W-4 – he “confirms” his old password (to create a new one) so he doesn’t run the risk of getting locked out of his account. Bob has now become the latest spear-phishing victim. Sadly, the email from the “PeopleSoft Admin” was actually coming from a cyber-criminal using a targeted phishing email to dupe Bob into surrendering his PeopleSoft credential.
Now that our cyber-criminal has Bob’s information, they immediately log into Bob’s payroll account, change his direct deposit destination, and wait until payday. Once payday arrives, they get Bob’s direct deposit, log back in to Bob’s account, change Bob’s direct deposit information back (essentially erasing their tracks), and leave Bob to wonder why his paycheck has not been deposited. Bob has no choice but to call HR so they can begin the painstaking forensic process of unraveling the mystery of Bob’s disappearing paycheck.
Data Breaches on the Rise
According to Verizon’s 2017 Data Breach Investigation Report, “81% of hacking-related breaches leveraged either stolen and/or weak passwords.” Rather than breaking in through the door or windows, the intruders are stealing keys and guessing the passwords of your users – and erasing their tracks as they leave with your data. Organizations are foolish to think that focusing their resources solely on powerful firewalls will keep their data safe. With 81% of hacking-related breaches using valid passwords – the challenge is about protecting your belongings when the robber is already in your house.
Phishing and spear phishing tactics often play a significant role in these malicious acts. Users being asked to “reset” or “verify” their passwords with authentic-looking emails have proven to be a successful means for attaining credentials. The level of sophistication of phishing and spear phishing emails is being raised daily, and given the pervasive use of mobile devices for accessing ERP applications, cyber criminals know that mobile users can often be the most vulnerable. In addition, with PeopleSoft users’ continued adoption of Fluid pages (seeking an optimized mobile UI) the problem will only get worse.
2017 has been an especially challenging year for IT security professionals. Consider these findings from Gemalto’s First Half of 2017 Breach Level Index Report:
- Nearly 2 Billion – Records Breached in First Half of 2017
- 918 – Number of Breach Incidents in First Half of 2017
- 164% – % increase of compromised records in first half of 2017, compared to the last half of 2016
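The change-and-revert pattern in the direct deposit scenario above leaves a recognizable trail in a payroll audit log: an account change, a payday, then a change back to the original account. The following Python detection is an added example, not code from the original article or from PeopleSoft; the record layout, account tokens and pay schedule are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed audit records: (timestamp, employee, old account, new account).
# This layout is an assumption for the example, not a PeopleSoft audit schema.
AUDIT = [
    ("2017-10-09T08:14", "bob",   "ACCT-1111", "ACCT-9999"),
    ("2017-10-11T10:02", "carol", "ACCT-2222", "ACCT-3333"),  # ordinary change, never reverted
    ("2017-10-13T23:51", "bob",   "ACCT-9999", "ACCT-1111"),
    ("2017-10-16T09:00", "dave",  "ACCT-4444", "ACCT-5555"),
    ("2017-10-17T09:05", "dave",  "ACCT-5555", "ACCT-4444"),  # typo fixed, no payday in between
]
PAYDAYS = ["2017-10-13T00:00", "2017-10-27T00:00"]  # constructed pay schedule


def find_change_and_revert(audit, paydays):
    """Return (employee, temp_account, changed_at, reverted_at, payday) for each
    direct deposit change that was reverted to the original account after a
    payday fell inside the change window."""
    paydays = sorted(datetime.fromisoformat(p) for p in paydays)
    by_employee = defaultdict(list)
    for ts, emp, old, new in audit:
        by_employee[emp].append((datetime.fromisoformat(ts), old, new))

    findings = []
    for emp, events in by_employee.items():
        events.sort()
        for i, (t_change, original, temp) in enumerate(events):
            for t_revert, old, new in events[i + 1:]:
                if old == temp and new == original:
                    hit = [p for p in paydays if t_change <= p <= t_revert]
                    if hit:
                        findings.append((emp, temp, t_change, t_revert, hit[0]))
                    break  # pair each change with its first revert only
    return findings


if __name__ == "__main__":
    for emp, acct, t0, t1, payday in find_change_and_revert(AUDIT, PAYDAYS):
        print(f"{emp}: deposit routed to {acct} from {t0} to {t1}, "
              f"spanning payday {payday:%Y-%m-%d}")
```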