(pc-Google Images) |
In brief, the Meath County Council was found victim of a specifically popular type of scam in which, an employee who has the control of accounts is sent a spoof message purporting to be from, for instance, the company chief executive. That person is asked to transfer a large sum of money into an account. The money is duly transferred to the scammers.
If in case, the whole thing comes to light fast enough, the shift can perhaps be retrieved or frozen, as was the case with the Meath mega-sum, now stuck in a Hong Kong account.
(pc-Google Images) |
Mathematician Norbert Wiener’s 1948 book Cybernetics or Control and Communication in the Animal and the Machine, is acceptable to utilise ”cyber" in order to discuss cybernetics (should you be so inclined) or even cyborgs – short for cybernetic organisms.
And cyber also may be used at will if discussing William Gibson’s famed 1984 novel Neuromancer, which is known for introducing the term cyberspace to the world. The popularity of the novel, however, seems to be responsible for the release into the wild of all the unwanted silly cyber variations that taint our knowledge today.
Just because the novel passes for cool cyberpunk (arguably, an allowed usage) does not mean your use of cyber is cool. It almost certainly is not.
Nothing catches a wannabe geek desperately vying for street cred, a generalist in search of a trendy speciality, or an insecure self-promotional IT security professional like sticking "cyber" in front of a job title or using the word liberally in every reference to anything digital.
This is of course why governments, surveillance agencies and a host of makey-uppy experts wave the word around as legitimate with all aspects.
Because let's get this straight. If the term cyberattack is going to be forced on us at every level, it has to at least be in an appropriate context in which it is just about acceptable for security experts to sometimes use it. That means a major and debilitating attack using computers and the internet, by the most sophisticated of criminal hackers or those acting on behalf of a nation state.
Garden variety fraud
It should not be extensively used because an email was used to perpetrate a garden variety fraud, as in the case of the Meath scam. It could just as easily have been a letter in the post, a text or a phone call. But in this case “the vector of attack" appears to have been an email. This uses basic social engineering – pretend to be someone you are not and sometimes a third party will be taken in and you’ll get useful information, access to networks, or money transfers.
By international measures, this was indeed a big scam. When the FBI sent out an alert last spring warning about a massive increase in these so-called CEO scams, it noted the average loss to duped companies was $25,000-$75,000.
Mattel – the giant multinational toy company – lost $3 million in 2015 to a CEO scam. Meath County Council nearly outperformed Mattel.
Incidentally, one common way of perpetrating these scams, according to the FBI, is free email services. Hack into someone in authority’s account, send an email seeming to come from that person . . . Just saying, maybe some of our politicians and State employees need to think again about those Gmail accounts they also use for business matters.