Hello, welcome to the Thursday, January 3rd, 2019 edition of the Sandtonet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Last week I asked for sample of CEO scams and credit card scams.

Well, we got a number of great submissions and Lorna today published the one case that I think

is in particular telling as to what lengths these attackers go through in order to actually

lure their victims into buying them gift cards.

So first of all, the attackers appear to be doing at least some manual reconnaissance here. These emails are typically not

sent to everybody in the company, but only to a couple of individuals. Now, in the case that

Lorna picked, the individual that received the email, was actually a fairly

new employee.

So there's one question as to how the attacker actually got this employee's email address,

and then, of course, the sender of the email claimed to be the company's CEO.

Throughout the entire exchange of several emails, the attacker

kept replying rather quickly with customized responses. This doesn't look like anything this was

scripted. The entire exchange lasted about five hours until the victim cut it off. These attacks have become very popular in particular around holidays, but we have also seen

them sometimes used after disasters.

For example, I think I mentioned it after the California wildfires, where some companies

have seen requests like this that claim to come from, for example,

again, high-ranking officials in the company to, for example, help out victims of these

wildfires who also happen to be customers of the company. So the real question, of course,

is how do we defend against these kind of attacks?

And, well, there isn't sort of a simple fits all solution for this.

...