Premier League Club Suffers ‘Spearfishing Hacking’ – Why the Trend Can Impact Anyone
Cyber criminals who target individuals through email is on the rise, with phishing attacks in the last few months seeing the National Cyber Security Centre (NCSC) receive more than 1,708,000 reports as of the end of July, with 6,501 of these scams and 15,806 URLs all removed. But whilst the problem targets all types of individuals, one high-profile case recently involved a more sophisticated type of phishing.
It was reported that a Managing Director of an unnamed Premier League football club was targeted via ‘spearfishing hacking’, where their identity was assumed, and money was transferred under the cover of an ongoing transfer negotiation. The scam involved posing as the MD and contacting the other club of which a £1 million player transfer was being negotiated, whilst creating a false email account pretending to be the other European club. The elaborate scam saw both football clubs speaking to the cyber criminals rather than each other, arranging the £1 million to be sent directly to the scammers.
Fortunately for the Premier League club, the transfer of funds was halted at the last moment thanks to the bank refusing the payment. It so happened that the cyber criminal’s bank account had a fraud marker against it, stopping the money transfer before it was too late. As bold as the idea of hacking a Premier League MD is, it proved that ‘spearfishing hacking’ can affect anyone, so how does it work and how can other MDs prevent this happening to them?
The Threat of Spear Phishing
Commonly known as ‘spearfishing hacking’ or ‘Spear Phishing’, the term refers to sending fraudulent emails from a known or trusted sender in order to induce targeted individuals, usually to reveal confidential information. In the case of the unnamed Premier League club, the MD was targeted with an official looking email from Microsoft requesting them to click on the link to login to their email account. This email is much like any other phishing email that people receive on a daily basis, requesting individuals to follow a link to a fake website page to provide personal details. What makes ‘spear phishing’ different is that it targets people within an organization to gain information or login details for which they can then create further disruption. This is why the threat is not exclusive to high profile sports organizations, but any large company a scammer deems as having information they want to access.
Keeping an eye on phishing emails is vital in the remote working world we now all live in, and organizations need to ensure they are implementing secure email protocols to defend from the threat they pose. The simple act of an employee opening a malicious email and accessing the attachment or link can lead to huge consequences both financially and reputationally. With more people than ever before accessing work emails from their personal devices at home, simply hoping no-one falls foul of phishing emails is not enough.
Help Your Sport Organization Stay Secure through Adeya
In 2019, 65% of US organizations experienced a successful phishing attack, which is higher than the 55% global average. With CEOs and high-level executives common targets of sophisticated spear phishing attacks, having a sophisticated and secure defense to counter it is vital. At Adeya, we know how damaging this type of attack can be for organizations, which is why our secure products were developed, providing military-grade encryption, secure file transfer and team collaboration. The last thing any organization wants to learn is that an employee’s login details have been compromised by an unauthorized individual.
We can help ensure that threat is kept to a minimum by keeping all communication and collaboration secure no matter the device being used. Contact us today to book a demo, and find out more about our products and how we can assist in providing best-in-class protection for your organization and your employees.