Sometimes you do everything right, and yet the hackers strike. This is what happened to a craft business from Berlin: invoices were sent to customers in its name, who paid them immediately. There was no mistrust, because the customers had actually worked with this service provider in the recent past. How can something like this happen? Perseus answers this question and once again acts as an expert for the search magazine “Täter, Opfer, Polizei”.

Cybercrime in craft businesses

The threat of attacks from the Internet is increasing. The IT forensic experts and cyber experts at Perseus are also noticing this. The number of cyberattacks increased by 67 percent from the second half of 2019 to the first half of 2020. According to an internal analysis of cyber emergencies handled by Perseus cyber experts, electrical, installation or tool companies are also repeatedly among the victims. For Detective Chief Inspector Peter Vahrenhorst of the North Rhine-Westphalia State Criminal Police Office, this is no surprise. In an interview that Perseus conducted with him on the occasion of his cybersecurity study, he explained that small and medium-sized companies in particular are victims of cybercrime. The reason for this is the fact that these companies often do not have sufficient resources to comprehensively deal with the topics of cybersecurity and data protection. The main business is in the foreground.

Craft businesses do not see a cyber risk for themselves

A study by the Signal Iduna Group from 2019 took an in-depth look at cybersecurity in the skilled trades. Here, 500 digitally connected companies were surveyed. It turns out that the general danger is still clearly underestimated. Three-quarters of the companies surveyed state that they do not see any acute threats to their own company. According to their assumption, they are too small to arouse the interest of hackers. A fallacy, as the result of this study shows. More and more craft businesses are being targeted by cybercriminals. According to the Signal Iduna study, almost one in five companies has already fallen victim to an attack.

The causes are complex: Weak passwords, the use of public Wi-Fi connections and unsecured communication channels are among the most exploited security gaps. However, e-mail is still considered the greatest source of danger. In more than 80 percent of cyberattacks on craft businesses, this served as a gateway.

CEO – Fraud as a scam

As described in the introduction to the example of the Berlin craft business, phishing in particular is one of the most common types of attack – and here in particular the CEO – fraud. CEO fraud is the use of everyday professional situations to trick employees into transferring a large sum of money or sharing sensitive data through fake emails from their supposed superiors.

CEO fraud is usually based on extensive research. The hackers inform themselves about the company, the employees, the supervisor and the company structures. Often, the hackers choose a specific victim about whom they obtain additional information. All channels are used for this purpose, such as the company homepage, social media profiles or direct calls to the company.

Then the actual attack takes place. This is done either by compromising an email account or using a domain that is deceptively similar to the one being impersonated. The previously collected information is now used to carry out the scam. The communication and writing style of the supervisor is imitated so that no mistrust can arise among the employee. To make the process even more realistic, the payment request is preceded by an e-mail exchange, in which it is often explained why you as a supervisor are temporarily unavailable and are therefore not available for telephone queries.

As with other phishing attacks, the attacker plays on the victim’s emotions by either building up pressure or appealing to the sense of shame that, for example, an invoice was not transferred on time. With these means, hackers often achieve their goal and the employee transfers the desired amount.

How can you protect yourself?

There is no such thing as one hundred percent protection, but there are small indications by which CEO fraud can be recognized.

1. You should check the sender’s e-mail address and the domain carefully. Small anomalies, such as the absence of a letter, can already provide information that a fraudster is at work. It is particularly recommended to configure the e-mail program used in such a way that the sender’s e-mail address is always displayed in addition to the sender’s display name, as the sender’s name is increasingly forged by hackers.
2. In addition, the text of the email should be checked carefully. If there are more spelling mistakes here, it may be a phishing email.
3. Communication and writing style can also provide important insights. If the supervisor’s address is suddenly “you”, even though you are actually on a first-name basis in the company, this can be an indication that the email does not come from the boss.

Nowadays, however, hackers are so professional that it is almost impossible to distinguish a scam email from a real one. It is therefore advisable to call in another person to assess the incident. At the slightest doubt, you should listen to your gut feeling, because prevention is better than cure.

TV TIP:
Perseus in the TV magazine “Täter, Opfer, Polizei”

For a long time now, not only series of burglaries or violent crimes have been presented in the TV magazine “Täter, Opfer, Polizei”. Hacker attacks and cybercrime are increasingly coming into focus. As in this episode (first broadcast on Sunday, 29.11.2020, 19:00 on RBB). Here the current case of the Berlin craft business, which was the victim of a hacker attack, is discussed here.