Nearly all of us appear to have had a Facebook account at some point in recent years and yet it seems a lot of the time when you speak to people, more people say they no longer use it, than people that do. The total number of people that use Facebook each month decreased by roughly 2 million in the three months leading up to July 2022 (Datareportal). If you are not logging in to your Facebook profile then your password doesn't matter, right?
Let us share with you an anecdote brought to us by our expert CEO and thought leader Etienne Greeff – then I’m sure we will all agree on the answer to that question...
We recently worked with a customer who was targeted by email. The employee received an e-mail from a commonly used supplier saying that the bank detail of an invoice had changed. This isn't atypical – these Business Email Compromises (BEC) are very common with users averagely receiving 14 malicious emails per year (Tessian)
What was unusual about this instance was that the email referred to a recent legitimate invoice that had been received by the invoicing clerk. The amount matched exactly; everything was as expected. It was hard to believe an outside party could have known the exact details of the invoice including the value, so the clerk paid the invoice as standard. Only to discover an issue when the supplier called to check when payment of the invoice was scheduled to be processed. So how did this happen?
There would be no reason to care about our old Facebook passwords gathering dust, if it wasn’t for the fact that a large portion of people re-use passwords. Facebook has fallen victim of a hack resulting in the compromise of many usernames and passwords. Hackers are fully aware that people re-use passwords and of course, exploit this. Therefore, when they target a business, such as the one central to our anecdote, they use LinkedIn to match compromised Facebook login details to the users within the business who are responsible for paying invoices.
Hackers then see which of the companies have O365 e-mail systems as this allows people to log onto e-mail remotely. They then try the bank of compromised Facebook passwords, in hunt for the undoubtably re-used ones. From previous research we know that in almost 10% of cases there are multiple users within a business that use previously compromised passwords... Still with us?
Once logged into O365 the hacker now has access to the inbox. They will then put an inbox rule in place, which automatically forwards e-mails to another account to guard against the person changing their password. They then look out for an e-mail from a supplier with an invoice. They have the exact details of the invoice, know where it’s come from, who it’s come from and the bank details. They then send an identical e-mail appearing to come from the supplier but with a different bank account. For extra points they even often delete the original e-mail so only the forged e-mail with the wrong account detail is in the inbox...
So I think we will all agree that yes, your Facebook password does matter.
Malicious emails are one of the most common types of cyber attacks and so often we depend on our users being our final line of defence against them. But even the most savvy users are up against threat actors, who just need to be one step ahead. Educating users against attacks of this nature and giving them the tools and knowledge to detect and report these emails will always be important. However, educating users isn't enough, there needs to be defence solutions in place for when one does ‘slip through the net’.
If this is an area of interest, why not watch our on-demand webinar which explores this topic and detail how organisations can implement a layered approach to defend against these attacks. Incorporating the human element of this approach.
