Employees proving best firewall against cybercrime
A sudden telephone call from the boss to carry out a confidential bank lodgement immediately is likely to sound anyone’s alarm bells. "However, such scam calls from the alleged CEO work all too frequently," said Christian Möckelmann, who oversees Commerzbank's corporate customer business in Hamburg and Schleswig-Holstein. This form of identity theft, in which cybercriminals take on the role of the entrepreneur, is the third most frequent attack on companies in Hamburg. Phishing emails requesting recipients to enter personal data such as PINs or TANs come first at 58 per cent followed by data theft through malware (27 per cent), according to the Entrepreneur Customer Survey 2022 carried out on Commerzbank's behalf. The IPSOS opinion research institute had conducted around 2,500 interviews nationwide from July 18 to August 10, 2022, 100 of which were in Hamburg. The respondents included freelancers, the self-employed, craftsmen and SMEs with annual sales of up to EUR 15 million.
Criminals becoming more sophisticated
Cybercrime is increasingly an issue in daily interactions with customers, Möckelmann said. "Our conversations focus on the impact of the war in Ukraine, inflation and supply chain issues, followed by cybersecurity in fourth place." The survey confirms this experience, with 86 per cent rating cybersecurity as "very important", while 50 per cent termed it a "top priority". However, just under 60 per cent of respondents believe they are very well positioned to fend off potential attacks, which worries Möckelmann. "Cybercriminals are becoming more sophisticated and the number of attacks is continuously growing."
Well prepared, highly manipulative cybercrimes
CEO fraud is a prime example. "Such attacks are extremely well prepared, and the structures and corporate organisation are uncovered thoroughly." Publicly available information is found on Facebook, and other facts such as names are gathered through innocuous-sounding telephone calls. "Then the alleged boss exerts pressure in a very targeted manner," said Möckelmann. "Let's say, he rings Ms. Meyer in the accounting department on a Friday afternoon and says he can only confide in her as Müller, Schulze and Schneider are unaware of the company's dire straits, which could be alleviated by an immediate transfer of EUR 100,000 and save everyone's jobs at the last minute."
Employees proving best firewall
The cybercriminals' chances of success dwindle rapidly, when they happen on a well-prepared employee, Möckelmann stressed. "Well-trained and aware employees are the best firewall." Certain security loops can be set up specifically for a "phoney CEO" attack, which would make for a swift response, but on a secure basis. One in four companies in Hamburg has already fallen victim to a cyberattack. Nationwide, the figure comes to 43 per cent. The corporate structure in Hamburg with its many SMEs might explain the strong deviation from the national trend. "Cybercriminals like targeting large companies, from whom a particularly large sum of money can be defrauded." However, the relaxed attitude in Hamburg might be making people prone to scams as "entrepreneurs may not perceive a phishing email as a cyberattack".