Editor's Note: Chris Boyd is a lead Malware Researcher for Malwarebytes. He is one of the speakers for the upcoming European Security Awareness Summit in London 11 Nov. Below he discusses his talk on CEO Fraud.
There's a lot you can do in 10 minutes.
- Listen to 3 pop songs.
- Read a 2,000 word short story.
- Buy something cool online.
- Find out which data dump you're now a part of by browsing Twitter when you get out of bed. Return to 3).
- Congratulate yourself on escaping the buy / breach routine, and ponder whether or not to apply those Windows updates (spoiler: you should apply those Windows updates).
Something else you can do in 10 minutes is listen to me explain, in rapid-fire fashion, why CFO Fraud is potentially organisation-ruining and what you can do to combat it. CFO Fraud - where scammers pretend to be an organisation's CEO, before pressuring the finance team into wiring large sums of money - costs businesses Worldwide upwards of $2 billion a year. One mistake, one lapse in attention, can result in a company being brought to its knees financially. Once the money has been wired to the con-artists, it's highly likely that none of it is coming back. One company alone recently lost $44 million to a CFO fraud attack; do you dare risk that kind of loss instead of deploying some basic, common sense tactics to ward off the threat? There's certainly no time like the present. Unlike some other security issues, there is no safety net for this one - you're on your own. Banks, Law Enforcement and whoever else you can summon to assist probably won't be able to retrieve the stolen cash - once it's gone, it's typically gone for good. This CFO fraud themed session will seek to deliver the following key points:
- What is CFO fraud?
- Scammer tactics
- How can your organisation prevent it?
What you will learn includes:
- Common CFO fraud techniques and warning signs
- Potential impacts to business when using certain security techniques
- A selection of easy to implement security tips
- Suggestions for businesses to reduce their social media threat footprint
So, there we are. If you're in the business of saving money - and who isn't - it could be 10 of the most useful minutes of your working week. All I ask is you leave the 3 pop songs alone until after the session...
Malware Intelligence Analyst
BIO: Malware Intelligence Analyst (Malwarebytes) Chris is a 7 time Microsoft MVP in Consumer Security and former Director of Research for FaceTime Security Labs. He has presented at RSA, Rootcon, VB, IRISSCON, and SecTor, and has been thanked by Google for his contributions to responsible disclosure in their Hall of Fame. Chris has been credited with finding the first rootkit in an IM hijack, the first rogue web browser installing without consent, and the first DIY Twitter Botnet kit. His work was also referenced in the People of the State of New York v. Direct Revenue, LLC.