(Business in Cameroon) - With the onset of the Covid-19 health crisis, cybercrime has surged, the National Centre for Information Technology Development (CENADI) informs in its recent study entitled “Covid-19: menaces sur le système d’information des organisations” (Covid-19: Threats to the information system of organizations).
In the study, Cenadi focuses on the specific case of BEC (Business Email Compromise or FOVI in French). As it explains in the report, its focus on BEC type attacks is spurred by the social distancing measures which increase the use of electronic messaging systems by companies and organizations. "According to Interpol, this last type of cyber attacks caused over $1 billion [nearly XAF600 billion] of losses in 2018 alone and remains relatively unknown, yet several cases have been recorded in Cameroon," CENADI reveals without further details.
It warns businesses and organizations that the following signs are precursors of a BEC-type attack: an urgent, unplanned and confidential request for fund transfer, a change of telephone or e-mail address, direct contact by a swindler posing as a member of the company or a manager. This scammer will use flattery or threats to manipulate the person he/she is dealing with and establish credibility. The scammer will also provide a wealth of information about the company targeted and the working environment (personal data concerning the company manager and employees).
To companies and organizations already victims of that attack, CENADI advises them to immediately ask the bank to return the transferred funds and file a complaint with the police and gendarmerie, bringing as many proofs as possible.
It also recommends the use of various electronic tools to prevent BEC attacks. These include multi-factor authentication for electronic mail and end-to-end message encryption, which make a message unreadable in case it is intercepted by a hacker. It also suggests knowing where personal data is stored and delete them if necessary. Companies and organizations are also urged to break the chain of emails relating to fund transfers by entering the usual addresses for each fund transfer and create multiple verification and signature procedures for payments and changes of bank details. They are also advised to regularly update their cybersecurity systems.