Beware of cyber crime
Over the past months the AWDC Security Office has noticed an increase in cyber crime incidents (please see below) affecting diamond companies within the Antwerp Diamond Area. Regrettably, several cyber criminals were successful, while others fortunately failed, foiled solely because diamond company staff were aware and alert! The losses range from one thousand to hundreds of thousands of dollars, and are in most cases unrecoverable. Cyber crime is not automatically covered in typical diamond-related insurance policies. Contact your insurance broker for more information.
Phishing is the attempt to acquire sensitive information such as user names, passwords, bank or credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. In addition to known attacks using BNP Paribas, bpost, FPS Economy, etc., lately names of well-known international or Antwerp-based diamond companies and organizations were used to conduct phishing attacks.
Electronic invoice fraud
Cyber criminals electronically intercept original invoices (in PDF or Word) sent by e-mail from the vendor to the buyer, modify the bank account and payment information and then re-submit the changed invoice to the buyer. If the buyer does not notice that the bank or payment information has been changed, the payment goes to the cyber criminals. This leads to disputes between the original vendor and buyer. Banks and bank accounts in Hungary, Poland, Spain, Hong Kong and the UK are used frequently in this type of fraud.
CEO or Presidential fraud
By fraudulently adopting the identity of the organization’s CEO or President, the scammer tries to convince a diamond company employee by e-mail, fax or telephone (often impersonating a lawyer or a notary) to make an urgent or important bank transfer to a third party. The aim is to convince the employee that a company leader has issued a payment order under the pretext of debt repayment, a contract provision or a deposit, for instance. These types of fraud are carried out by well-organized criminal organizations with complete knowledge of the market, structure and customers of the companies they are attacking. They use this knowledge to create the necessary arguments to convince their victim to act according to their wishes.
Microsoft (MS) Scam
Cyber criminals pretending to be Microsoft technicians call victims to state that their computer is causing problems on the Internet or network, and propose to solve the problem by remotely taking over the computer. They then install malware (key loggers or spyware) in order to gain access to the victim’s data and/or bank account.
As stated: staff awareness and alertness are crucial, especially among staff authorized to perform financial transactions, including contracted accountants!
5 golden rules for diamond company staff
- Unexpected, unknown, unusual e-mails or senders
- Verify the entire e-mail address → email@example.com
- Look for abnormalities: mistakes in first or last names, use of underscores “_”, different extensions, e.g. “.me” instead of “.be”
- Check the e-mail in “source code”
- For changed or unusual bank or bank account information, incl. payment instructions
- And if in doubt: stop, personally check and contact the vendor, and inform IT or Supervisor
- Do not reply to the suspicious mail. You’re communicating with the cyber criminal!
- Don’t click and open links in suspicious e-mails
- Don’t open attachments in suspicious e-mails – screen with Anti-Virus programs
- Don’t use the same USB drives or external hard drives in both controlled and uncontrolled IT environments
- Report suspicious incidents to IT or Supervisor
- If you have been a victim of cyber crime, report it to AWDC SO and the Local Police.
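
The address checks in the rules above (verify the entire e-mail address, look for underscores and changed extensions, check the e-mail in "source code") can also be automated by IT staff. The following Python sketch is an added example, not part of the original AWDC notice; the domain names, the sample message and the 0.85 similarity threshold are constructed assumptions.

```python
import difflib
from email import message_from_string
from email.utils import parseaddr

# Constructed sample of an e-mail's raw source; all domains are placeholders.
SAMPLE = """\
From: "Vendor Example Accounts" <accounts@vendor-example.me>
Reply-To: payments@mail-service.example
Subject: Updated invoice

Please use the new bank details.
"""

def _domain(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def _squash(name):
    """Drop the separators that lookalike domains often add or swap."""
    return name.replace("_", "").replace("-", "")

def _lookalike(domain, trusted):
    """Explain why `domain` imitates `trusted`, or return None."""
    name, _, tld = domain.rpartition(".")
    t_name, _, t_tld = trusted.rpartition(".")
    if name == t_name and tld != t_tld:
        return f"same name, different extension (.{tld} instead of .{t_tld})"
    if _squash(name) == _squash(t_name):
        return "differs only by underscores/hyphens"
    if difflib.SequenceMatcher(None, name, t_name).ratio() >= 0.85:
        return "near-identical spelling"
    return None

def check_sender(raw_message, trusted_domains):
    """Return a list of warnings about the sender of a raw e-mail."""
    msg = message_from_string(raw_message)
    sender = _domain(msg["From"])
    findings = []
    if sender not in trusted_domains:
        for trusted in trusted_domains:
            reason = _lookalike(sender, trusted)
            if reason:
                findings.append(f"{sender} imitates {trusted}: {reason}")
        if not findings:
            findings.append(f"{sender} is not a known vendor domain")
    reply_to = _domain(msg["Reply-To"])
    if reply_to and reply_to != sender:
        findings.append(f"replies go to {reply_to}, not {sender}")
    return findings
```

An empty result only means the visible headers look consistent; changed bank details must still be confirmed with the vendor personally, as the rules state.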
The AWDC Security Office organizes monthly “Cyber crime awareness briefings” for the Antwerp Diamond Community. Participation and registration are free of charge for members of the Antwerp Diamond Community. Dates and times are announced in the AWDC Newsletter, on TV-screens at AWDC and on the signboards outside the AWDC.
For more information, questions or remarks: firstname.lastname@example.org - +32 3 222 0772