Beware of the Dyre Wolf: Sophisticated New Scam Targets US Corps
A new phishing scheme to be on the look out for, one which is stealing millions from American companies and making headlines for its sophistication. This new threat to your cyber security adds a twist to traditional schemes: using live, human operators who fraudulently obtain your information during mock customer service calls.
The scam, labeled "Dyre Wolf" after the extinct and often mythologized predator, was discovered early in April by IBM. It's brought in $1 million thus far. That's nothing compared to many other schemes -- another sophisticated online fraud resulted in a $26 million judgment just the other day. Why is Dyre Wolf something to be concerned about then? The fact that it targets U.S. businesses and that it does so so well.
A Three Pronged Attack
According to IBM, the phishing scheme begins with spam emails with attachments. When the attachment is opened, it installs "Dyre" onto computers. That program recognizes when users visit a bank website and creates a false message that the website is down, providing a customer service number instead. Of course, that number isn't actually for the bank, but criminals in Eastern Europe who obtain bank info and quickly drain accounts. To slow detection, the theft is paired with an attack on company computer systems.
What to do if You're Targeted
IBM hasn't released which companies have been attacked, but there are a few steps attorneys can take to protect themselves and their companies. First and foremost is the "look both ways" of Internet usage: never, ever open an attachment from a source you do not trust and recognize. You know that, so make sure every employee does as well. Secondly, make sure the company is using a reliable anti-virus program, which may be able to detect such programs as Dyre. Finally, avoid and counsel employees to avoid providing banking information over the phone.
The losses associated with a cyber security breach can be high. Of course, there's the money that's directly stolen, and IBM notes that the Dyre Wolf scammers have been sophisticated enough that none of the missing $1 million has been found so far. But there's also the damages stemming from that loss, including liability to others should their information be compromised. For this reason, many businesses are investing in cyber insurance to help protect against the risks of an attack.
Related Resources:
- The Dyre Wolf Campaign: Stealing Millions and Hungry for More (Security Intelligence)
- Lawyers Must Do More to Protect Cybersecurity (FindLaw's Technologist)
- Send Fake 'Phishing' Emails to Test Employees? (FindLaw's Free Enterprise)
- Proactive Domain Name Purchases: How to Head off Domain Trolls (FindLaw's Technologist)