Call our IT experts today on 01254 email@example.com
Lancs BB1 4LA
Art galleries and dealers in the UK have lost hundreds of thousands of pounds after being targeted by email hackers.
The social engineering scam, known as a ‘man-in-the-email’ (man in the middle / MITM) attack, which has also worked on US art dealers, involves hacking into the email account of targets – in this case, London art dealers. The hackers have then monitored the email correspondence with the gallery’s clients, and intercepted and diverted payments from clients. This involved intercepting real PDF invoices sent to customers, and swapping them with fraudulent invoices with instructions to send payments to a different account.
It has also been reported that the hack has been used to steal payments made by galleries to their artists. After the money was received by the hackers, it is believed that that it was moved to untraceable locations.
Reports indicate that at least art galleries and art dealers in the US and now in London have fallen victim to the hackers, and although no exact figure has been put on the losses, the nature of the products that the victims deal in indicates that they could run from tens of thousands to millions of pounds to date.
The Society of London Art Dealers is reported to have previously warned its members about email fraud, and has released further cyber-security materials following this latest scam.
The London Evening Standard reported that one way that the Mayfair gallery (Simon Lee), and Thomas Dane Gallery in St James’s have responded to this latest attack is by overhauling their invoicing procedures e.g. Simon Lee’s gallery now issues a standard warning about cyber fraud with every invoice, and the dealer’s accountant confirms banking details with clients over the phone.
Online fraud has been on the increase for some time now. Netcraft figures (2016) show that 95% of servers are lacking HSTS security features and are prone to MITM attacks. MITM is also spreading from desktop connections to mobiles, and even to IOT space.
Spyware and malware programs (often arriving by email) are two of the prime causes of MITM attacks and companies can, therefore, seek to insulate themselves against these types of attacks with initial measures such as being proactive in renewing antivirus programs and patches, and conducting regular scans for malware. It is also important to raise awareness among staff and to educate them about the dangers of opening unknown emails. Other measures that companies can take to help themselves include: