Part II
Cyber Attacks — The Credit Professional’s Point of View
By Tom Diana, Communication Manager, CRF
CRF invited several survey respondents to present their views on cyber security through telephone interviews. The following are highlights from these interviews.
Incidences of Attacks
Debbie McNulty, Director of Credit & Purchasing at Bay State Milling, a producer and distributor of flour and grain products, said, “We’ve seen an increase in people trying to get into our system.” Most cyber attacks she has experienced are Phishing emails.
Phishing attacks are often used by cyber criminals to infiltrate a company’s computer files for sensitive information, and are designed to trick recipients into giving up something — payments, passwords, etc. — or into clicking on links to websites designed to cause damage, steal electronic payment information or cause other harm to company networks.
Kimberly Pierce, Director of Credit & Collections at Constellation Brands, a distributor of beer, wine and spirits, pointed to a Phishing attack that tried to fool her into wiring money. Pierce said that the email was ostensibly from the President of her company. Such a tactic is called whaling, a specific type of Phishing email that impersonates high-ranking executives. Emails from high-ranking officials can often intimidate recipients into acting quickly in order to comply with their boss’s request. “It was really well-written except for a misspelling,” Pierce said. However, an email directly from the President instructing her to wire money was not in accordance with her company’s protocol, and the email was immediately reported to IT. “Even if my boss came into my office and asked me to wire this money, I would have refused and requested that he follow protocol,” she added. In this case, company procedures and the alertness of Pierce prevented a theft of company funds.
Pierce also noted that she has received emails purporting to contain tracking information for a purchase that was shipped. She was suspicious right from the start as she doesn’t use her work email for personal business. She did not open the link and instead forwarded the email to IT. Her cautious nature makes her vigilant regarding company and personal emails. “I don’t even open links from my friends,” Pierce said. “I’m totally on guard.”
Carsten Schmitz, Corporate Director of Credit & Collections at Freeman, a firm that specializes in event marketing and management, noted that his firm has been subjected to Phishing attacks and spoofing of company officials. He mentioned one in which a salesperson received a fraudulent email asking her to confirm her email and password. When she did that, the cyber attacker gained access to customer accounts and contacts. Customers were sent emails (purportedly from the salesperson) requesting payments be made to fraudulent bank accounts. Schmitz said the scheme was detected by the company before any major financial losses occurred.
Schmitz also described another cyber attack on an employee that resulted in several of Freeman’s customers receiving emails telling them the bank account for making payments to Freeman had changed. “We alerted our customers and told them the bank account was not changed and to carefully review email addresses coming from Freeman to ensure they are not being spoofed,” Schmitz said. The spoofed Freeman emails were coming from Nigeria. “We have not been compromised since then, but there’s always risk,” he added.
Diane Patterson, Credit & Collection Manager for Thermo Fisher Scientific Asheville LLC, a manufacturer of laboratory testing products, pointed out that it’s important for her staff to be cautious of emails involving payments. Her company receives payment emails from customers and third-party payers that contain links for sending in invoices, which contain customer information that should not fall into the wrong hands. “We have to be alert about what’s coming through,” she said. “We want to make sure we confirm who we are dealing with.”
Company Counter Measures
IT departments work to protect their companies from cyber attacks through technical hardware and software measures, as well as through education and training for all employees. McNulty said that Bay State Milling installed new software that captures viruses and spam emails. The software can detect where an email is coming from to determine if the email address is legitimate. It also shows the actual URL links so pirated web page links can be easily identified. Her employees also receive a daily report of all spam emails that come in.
Schmitz said Freeman uses email security software that filters out malicious emails and links. They also created a “safe” area where questionable links can be opened in a protected environment that is walled off from the company network, preventing any damage to the network when opening these links. As an added security measure, Schmitz said his company’s IT department requires employees to change email passwords every 2 months to avoid unwanted infiltrations from stolen passwords.
Glen Eichelberger, Director of Credit at Rasa Floors, a distributor and installer of commercial flooring products, said his company uses a third-party that provides enhanced virus
©2017 Credit Research Foundation