Dissect Cyber notifies small businesses targeted by cybercriminals
1,300 percent, with business victims spread through all 50 states and 100 countries. In that time, 22,143 domestic and international BEC scam victims were swindled out of more than $3 billion, the IC3 report finds.
The Dissect Cyber cybersecurity notification team provides a highly specific yet complimentary service to small businesses listed in the SAM database. When Dissect Cyber detects that a company’s internet domain has been spoofed, the cybersecurity notification team — composed solely of military veterans — calls the affected company to deliver the details of the threat and follows up with an email notification detailing how to defend against it. To date, Dissect Cyber has made more than 3,500 calls, with impressive results to show for its work.
Companies that have been notified of a possible BEC scam through CSD’s Dissect Cyber research project have avoided falling victim to internet criminals.
For example, at one company a senior employee received an email request for a $26,000 wire transfer from someone posing as the CEO. The hoax email arrived shortly after Dissect Cyber had notified the company of a potential BEC scam. The employee recounts what unfolded next: “We went along for one reply, enough to get the amount and bank details. Then we contacted the local FBI field office, filed an IC3 report and submitted the info to InfraGard. I contacted the parties involved in hosting the domain and the account was terminated. This morning the domain was available and we snagged it.”
The head of another company turned down Dissect Cyber’s assistance, explaining that his IT department had the company covered. He called back within hours, saying: “I stepped out into the hall and ran into my finance person, who was headed to the bank to get a certified check in response to the fraudulent email you told us was coming!”
In addition to BEC scams, Dissect Cyber also notifies firms registered on the SAM database when their employee logins have been stolen and circulated on the internet by cybercriminals. It even finds the owners of abandoned websites that are being used to distribute ransomware and works to have the sites taken down.
Currently, Dissect Cyber employees contact 30 percent of companies targeted by look-alike domains within five hours of a fraudulent domain’s registration, and 93 percent of targeted companies are notified in less than 24 hours. Dissect Cyber is scaling up for round-the-clock notifications by hiring and training additional employees, with a goal of 90 percent notification in less than two hours and 100 percent notification within 24 hours.
“If your company is contacted by Dissect Cyber, heed its warnings and act on its advice to safeguard it,” said Cox. Doing so could mean the difference between losing thousands of dollars to internet scammers and beating them.
The Dissect Cyber project will be presented at the 2017 Cyber Security R&D Showcase and Technical Workshop, which is scheduled for 11-13 July in Washington, D.C.