

Canada: trade fraud damage caused by e-mail hackers increases dramatically

Posted by deeson at 2020-02-16



October 2, 2019, Li Xiyuan, Toronto Trade Center, Canada

-Care is needed to prevent trade losses from document forgery and from impersonation of buyers and Korean enterprises-

-When remittance account information changes, it must be confirmed by means other than e-mail-

Summary of trade fraud

Recently, e-mail hackers altered the settlement account information passed between Canadian buyers and Korean enterprises, resulting in three victims of trade fraud.

Trade fraud cases

Case 1: impersonating both the Canadian buyer and the Korean enterprise to divert the trade payment

-Canadian buyer company A and Korean enterprise company B signed a product contract and traded on an ongoing basis.

-While contact was temporarily interrupted before an additional order, the fraud group, working through e-mail hacking, sent e-mails from addresses very similar to the mailboxes of company A and company B.

-The fraud group posed as company A and asked company B for its remittance account information. Using the information received from company B, it then passed altered transfer account details to company A.

-Because it was the summer vacation season, contact between the persons in charge was not smooth, and, trusting an existing customer, the payment was remitted to the changed Chinese account without suspicion.

Case 2: posing as a Korean enterprise to a Canadian buyer that was a new partner, to divert the trade payment

-To purchase the products of Korean company D, Canadian buyer C negotiated with the person in charge for about one month and then placed an order.

-Company C remitted the full amount of the invoice it received without any suspicion (the contract had been signed with payment terms).

-When the agreed shipment date passed after the payment was remitted and there was still no contact, company C asked KOTRA for help.

-The check showed that the person in charge at company D had sent the message containing the account information normally, but the fraud group altered the account information and e-mailed it to company C again, posing as the Korean enterprise.

Case 3: an e-mail fraud attempt against long-term Korean and Canadian trading partners is exposed

-Transfer account information was sent in the name of company F to company E, a Canadian buyer with a long-term trading relationship with company F, a Korean enterprise.

-The accounting team at company E became suspicious and checked the facts.

-The e-mail address was very similar to company F's, but it was confirmed that the e-mail address and the changed bank account were located not in Korea but in Ukraine.

-The fraud group had attempted to compromise the e-mail account of company F, a domestic enterprise, pose as company F and steal the trade funds.

Business fraud methods of e-mail hackers are timely

When the account information for payment settlement changes, both parties must confirm it by means other than e-mail

-Changed account information received by e-mail can lead to losses through hacking as well as violations.

-If you receive an e-mail asking to change account information, or announcing that it has changed, you must confirm it by telephone, chat software, etc. before you pay.

-In addition, to prevent trade fraud by e-mail hackers, it is necessary to change the e-mail account frequently, strengthen e-mail security, and check that the e-mail address is correct when contacting both existing trading partners and new customers.

-To strengthen the security of e-mail accounts, up-to-date antivirus programs should be used, and services that check for illegitimate overseas connections and verify the e-mail address used by the other party should also be applied for.

-Another method is to use two-step authentication*, which requires a mobile phone authentication code in addition to the e-mail account and password.

Note *: an improvement on the existing password authentication method. Even if a third party finds out the password, additional authentication through the account owner's mobile phone or a one-time password device is required before it is possible to log in to the system.
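The two checks recommended above (compare the sender's address with the partner's known address, and hold any account change until it is confirmed outside e-mail) can be automated at the mail gateway or in accounts payable. The following is an added example, not part of the original article; the partner domains, keyword patterns and sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed allowlist: partner domains already confirmed by phone or contract.
KNOWN_PARTNERS = {"companyb-trading.example", "companyd-export.example"}
ACCOUNT_WORDS = re.compile(r"bank account|remittance|beneficiary|account (number|information|details)", re.I)
CHANGE_WORDS = re.compile(r"\b(chang\w*|updat\w*|new)\b", re.I)
DIGIT_SWAPS = str.maketrans("0135", "oles")  # digits that pass for letters at a glance

def skeleton(domain):
    """Collapse visually confusable characters so 'rn' reads as 'm', '0' as 'o'."""
    return domain.translate(DIGIT_SWAPS).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance; catches a dropped, added or swapped letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def imitated_partner(domain):
    """Return the known partner domain that `domain` resembles, or None."""
    for known in sorted(KNOWN_PARTNERS):
        close = skeleton(domain) == skeleton(known) or edit_distance(domain, known) <= 2
        if close and domain not in KNOWN_PARTNERS:
            return known
    return None

def triage(raw_message):
    """Decide whether payment must wait for confirmation outside e-mail."""
    msg = message_from_string(raw_message)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    reasons = []
    imitated = imitated_partner(domain)
    if imitated:
        reasons.append(f"sender domain {domain} resembles {imitated}")
    if ACCOUNT_WORDS.search(text) and CHANGE_WORDS.search(text):
        # Applies even to a genuine address: the real mailbox may be compromised.
        reasons.append("account change request: confirm by phone before paying")
    return {"hold_payment": bool(reasons), "reasons": reasons}

# Constructed sample: look-alike of Company B's domain asking for a new account.
SPOOFED = ("From: Company B Sales <sales@cornpanyb-trading.example>\n"
           "Subject: Updated remittance details\n\n"
           "Our bank account has changed. Please remit to the new account below.\n")
```

A message from the genuine partner domain that asks for an account change is still held, which matches the case above where the Korean company's own e-mail account was targeted.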

Recently, Capital One, one of the largest financial companies, suffered a large leak of personal information (6 million people in Canada and 100 million people in the United States).

-Capital One announced that the names, addresses, telephone numbers, birth dates, credit scores, limits, deposit balances and other personal information of customers using its credit cards had been exposed.

-The FBI arrested the suspect in the hacking, a software engineer of an IT business in Seattle.

With overseas cyber crimes occurring frequently, Korean enterprises should also shore up vulnerable server and network security to prevent personal information from being compromised.

For the network security service of Canada's network security service, it is recommended to join Canada.

-Network retention Canada is the company that certifies for the Canadian federal government program CyberSecure Canada

-With cyber crime, it is difficult to deal with the aftermath once the crime has occurred, so it is important to strengthen the training of enterprise information managers.

-In addition, relevant insurance can compensate for losses from a crime that has occurred, so it can be added as a safeguard. If you obtain the federal government's CyberSecure Canada certification*, you can receive preferential terms on the cyber insurance provided by Canadian insurance companies.

Note *: a certificate attesting to the security of all network information, serving as proof of reduced hacking risk and of stability.

Reference: e-mail examples in trade fraud

[Table: existing e-mail | e-mail used by fraud group]

Source: CTV News and KOTRA Toronto Trade Center data, compiled

Dradio copyright owner & KOTRA overseas market news

Overseas market news reports can be used according to the conditions of "public world type 1 source".

However, for images, tables, data and other items not produced in-house, please consult the person in charge of the relevant external source before use.