Half a million euros have already been successfully stolen – the hackers in Munich only attack international companies. Technical aids fail – Fraud meshes are known, are however most professional carried out.
Police is powerless so far – can’t assign attackers to any country.
It’s not a new scam, but it’s done very professionally. As with many other cyber attacks, this attack begins with very good phishing, sometimes spear phishing mails. The goal is to gain access to mail accounts. Messages are read along, entertainment is partly latched into.
This procedure was already crowned with success at 15 companies in Munich. Individual transfers of EUR 200,000.00 to hackers were thus triggered. The goal is not a specific industry. The only thing the victims have in common is obvious: they are all internationally active and transfer large sums abroad in their day-to-day business.
Hackers in Munich strike with Look-a-like Domains to
They read along, do research, and in the end the hackers in Munich strike with an e-mail address that meets current security standards. DKIM, SPF and DMARC records are set. The e-mail of the criminals is of the security level higher than the one or other mail infrastructure of various companies. No reason to classify the mails as spam or junk.
What is perfect from a technical point of view, makes the way for fraud. The “last line of defense” is then the employee. If the fraud is not noticed here either, the transfer goes through. Reasons are often given for changing the account details. Often the talk is of “tax reasons”.
Hackers in Munich keep the contact also after the fraud!
Speed is everything. If the scam is reported fast enough, there are ways to get the money back. The hackers who strike in Munich also have this knowledge. Exactly for this reason the contact is held also after the execution of the fraud mesh. The criminals can then distribute the money with great care. Where it lands? The police are also puzzling about this. The investigations still no fruits carried. Even the country of origin of the criminals is not yet known.
Employees must be trained to prevent fraud.
“Last Line of Defense” – sounds spectacular and can be advantage and disadvantage at the same time. Trained employees balance the weaknesses of technical systems and prevent fraud at the last step. Once the technical hurdles have been overcome, untrained employees are an easy game for hackers.
If you are interested in a Live Hacking & Awareness Show, want to train employees to prevent fraud, you can contact us without obligation.
You are interested in Live Hacking?
Contact us now without obligation!
+49 (0) 209 – 9596 – 766
Sevencast – der IT-Security Podcast
Von unterwegs, im Büro oder zu Hause hören und auf dem aktuellen Stand bleiben!