Home Real-life Cyberattacks Cases
The Institute for the Financial Management of Education (IGeFE) in Portugal has recovered around 2.5 million euros unduly transferred due to computer fraud, according to an announcement by the Ministry of Education, Science and Innovation (MECI). The recovery of the funds was possible thanks to IGeFE's rapid reporting to the authorities and the collaboration of the organisations involved, including the banking system. The fraud, which involved three bank transfers to the wrong IBAN, is characterised as CEO fraud, where the fraudster posed as an official from the company providing the services, requesting that the payment IBAN be changed.
                
                Full story here (content in PT).
            
Cyber attacks with serious consequences are increasing, so we need to be more alert and informed about what they involve and what their consequences are. In this case and others, there is seriousness and a significant impact on IGeFE's operations, which leads to greater concern about implementing rigorous preventive measures to avoid similar situations occurring in the future. We highlight some security measures that should be adopted to strengthen cybersecurity and the integrity of financial operations:
Security policies
Establishing clear and cohesive policies on financial instructions should be a security measure to consider so that everyone can receive and verify them. In this regard, employees of organisations should have access to training on the most common methods of cyber fraud and how to act in the event of an attempted attack.
Identity verification
Implement strict identity verification procedures for financial transfers, especially when made via electronic communications. It is always important to confirm any request to change IBAN or other bank details by another means (e.g. a telephone call).
Multi-factor authentication
Use the 2-factor or more authentication method, particularly for sensitive communications and transactions. This security measure guarantees that even if one credential is compromised, there is a second mandatory factor to complete the transaction.
Approval procedures
Implementing approval procedures for financial transfers, which require multiple authorisations from different employees, increases security and reduces the likelihood of cyber attackers being able to carry out a cyber attack.
Monitoring and analysing behaviour
Use monitoring tools to analyse patterns of behaviour in communications and transactions, so that configured alerts can detect unusual activity.
Security tests and audits
Carrying out regular security tests, including phishing and fraud simulations to identify vulnerabilities, is another security practice that should be adopted in a situation like this. We should also regularly audit security practices and financial management policies.
Use technological tools
Implement cybersecurity solutions that help identify and mitigate fraud attempts, such as intrusion detection systems (IDS) and data loss prevention (DLP).
Rapid responses and contingency plans
Developing and training for rapid responses to security incidents can be another key step in preventing cyberattacks. This can include drawing up contingency plans to mitigate the impact of successful frauds.
Secure communication
Using encrypted communication channels to process financial data can also be a cybersecurity practice to take into account in this type of situation. On the other hand, defining clear protocols for official company communications can also be an asset for organisations.