When first reading about how elderly Japanese fall prey to the “Ore, ore” (“It’s me, it’s me”) scams, I thought it could only happen to the senile. Who else would fall for so obvious a fraud?
Under the scam, swindlers phone elderly people pretending to be a relative in urgent need of money. Most seniors sense the fiddle, but enough fall for it. “Ore, ore” scams account for about $145 million out of $462 million lost through ‘special fraud’ in Japan each year, the majority by people aged 65 or older.
But deception of this kind isn’t limited to the elderly. Speaking in Tokyo earlier this year before the American Chamber of Commerce in Japan, Chairman, President and CEO Mark McLaughlin of cybersecurity firm Palo Alto Networks described just how easy it is for any individual or corporation to be similarly duped through cybercrime.
McLaughlin is also Chairman of the National Security Telecommunications Advisory Committee (NSTAC), an arm of the Department of Homeland Security.
According to McLaughlin, the typical cybercriminal socially engineers its victims using Facebook, LinkedIn, Twitter and other social websites. “This is not hard,” he says.
Their first goal is to build an organizational chart. The names of top managers including those of the CEO, CFO and treasurer are pulled off a company’s website. If not freely available, that information is cheaply obtained from online firms that will build an organizational chart for about five dollars.
Next, the crooks look up the treasurer on Facebook to discover his or her hobbies and interests. Through Twitter they discover who is reading and following the treasurer’s tweets.
Then, says McLaughlin, the cybercriminals plan their attack. They might send a recent news article on a topic of interest to the treasurer. If, for instance, he or she likes to sail, they send a clipped article about sailing. The email might say, “I thought you might find this article about sailing of interest.” The spoofed email looks as if it is coming from a trusted friend or colleague. The treasurer has no reason to doubt the email’s authenticity, so it is opened and read. Unknown to the treasurer, the email contains a ‘dropper’ containing malware.
As soon as the message is opened, malware containing a keylogger is loaded onto the treasurer’s computer. The keylogger records every stroke of the keyboard, passing database usernames and passwords onto the crooks. They use information gleaned from the databases to plan their final act of fraud.
Another spoof is sent, ostensibly from the CEO to the CFO with a forward to the treasurer, asking that, for example, $75,000 be immediately wired to a named account for some logical-sounding but phony reason. The unsuspecting CFO acts in good faith, not realizing until afterwards that they and their company have been duped.
This scenario, notes McLaughlin, occurs 5,000 times a day all over the world, including in Japan. It is only one of many forms of cyberattack and “demonstrates the sophistication of the attacks and how hard they are to see and understand,” he says. Almost anybody can be victimized.
Cybercrime is a $445 billion worldwide industry that is growing rapidly. The attackers are no longer “smart people,” says McLaughlin. “They are smart, well-financed people.”
Beacon Reports reveals Japan through the lens of thought leaders.