The social engineering of Lazio FC and their loss of £1.75 Million
So, it turns out even that even a large football club can fall prey to the simple email scam that seems to plague so many people on a daily basis. You know the ones… you have a HMRC refund please send us your bank details to get it type of email. Lazio FC, a large Italian football club lost £1.75m this week, how? by making the final payment instalment for a defender they had purchased 3 years earlier. Unfortunately, it wasn’t to the club they had purchased the player from. The club received an email appearing to be from Feyenoord, the Dutch club the player has come from. The email asking for the final instalment also included bank details, Lazio FC duly paid, the email wasn’t from Feyenoord and Lazio FC still owe them £1.75m
Social Engineering Attacks
So, what is a Social Engineering attack? According to Tech Target – “Social engineering is an attack vector that relies heavily on human interaction and often involves tricking people into breaking normal security procedures.“
This issue goes to show that even large organisations and clubs like Lazio FC can be affected by these email scams and it’s not just the regular individual that gets targeted. It highlights how clever these targeted attacks are and how social engineering attacks can be so effective. The appeared simplicity of the attack is what makes is so effective, while underneath the exterior is all the research that would have gone into ensuring that the attack worked which begs the question… how did the scammers get the detailed information they needed to make the attack so effective? Was there a leak about the details of the sale of the player? Did they get what was needed from social media? Will we ever find out?
The targeting of companies through their users is a huge business to hackers and this method of social engineering was the most frequently used attack in 2015. There is no sign of these types of attack slowing down, in 2016 60% of companies were targets with social engineering attacks according to eSecurity Planet . This trend is a worrying one and highlights that the education of users in cyber security is essential. Cyber Wise aims to significantly reduce your chances of becoming part of a statistic with a powerful approach to Cyber awareness training for every member of your team.