The "380 million yen scam" that hit JAL is no one else's problem: can email still be used for business? | Business + IT


    On December 20 it was reported that Japan Airlines (JAL) had been deceived by emails disguised as coming from business partners and had transferred more than 380 million yen to fraudsters. Attention focused not only on the amount, but on the fact that a large company suffered losses in the hundreds of millions of yen through what is essentially a remittance fraud. Preventing this type of attack is not easy, however, and any company can be fooled. Copycat attacks may also become more active in response to this report.

    Freelance writer Shinji Nakao


    Freelance writer and editor. From book editing at ASCII to O'Reilly Japan, he translates, writes, and conducts interviews both in print and on the Web. Mostly covers IT, but occasionally writes for automobile-related media. I've been using the internet (though I didn't call it that) since the UUCP days.

    1. Email fraud is becoming the norm
    2. The company may already have been compromised by a targeted attack
    3. "Don't use email" should be considered as a countermeasure
    4. Check whether your own house is in order, rather than treating it as someone else's problem

    The attack that JAL suffered is called BEC (Business Email Compromise). BEC has been observed mainly around financial institutions since about 2014 and relies primarily on social engineering: a forged email tricks the recipient into making a fraudulent remittance. For example, the attacker may pose as the president or the president's secretary and demand urgent funds, or may ask that the payment destination be changed. The basic method is social engineering, but an attacker who has already broken in through a targeted attack can intercept email exchanges with business partners, impersonate a genuine transaction, or insert themselves into the remittance process at exactly the right moment. If the mail server itself has been hijacked, more sophisticated spoofed and impersonation emails can be sent, and the fraud becomes very hard to detect.

    Some experts classify this case as a SCAM (general fraud regardless of method) rather than BEC. Because the background and the extent of the damage are not yet clear, it cannot be strictly classified as one or the other, but what is known from media reports is as follows (information as of December 25).

    CASE 1: damage of 360 million yen
    ・ The fake email concerned lease payments for aircraft from a finance company
    ・ The sender address differed by one character from the address of the real person in charge
    ・ The email concerned an invoice for the lease payment and a change of the transfer destination
    ・ The invoice (PDF) was in the same format as the genuine one

    CASE 2: damage of 24 million yen
    ・ The fake email concerned outsourcing fees for cargo ground handling
    ・ The sender was not the official person in charge, but when JAL cc'd the real person in charge to check, a reply came back saying that the address was correct

    The address differed by only one letter and was hard to notice, and the recipient was deceived with an invoice indistinguishable from the real thing. According to JAL, even with multiple checks the fraud was not recognised until the genuine finance company got in touch about the non-payment. It is certainly a problem that a change of transfer destination for a sum in the hundreds of millions of yen was processed on the strength of the counterpart's email alone, but there is no doubt that the fraud was cleverly designed. Notably, the criminals knew the name and email address of the person they impersonated as well as the format of the finance company's invoice. There are many ways to spoof an email address, but if the one-letter difference was in the account (local) part and the domain was the legitimate one, it is possible that a mail server at one of the parties had been hijacked.
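The two signals in CASE 1, a sender address one character away from the real contact's and a body that changes the transfer destination, are things a mail gateway or a payments team can screen for mechanically. The following is an added example, not code from the article or from JAL: the partner allowlist, the two raw messages, the phrase list and all names and domains are constructed for illustration. It distinguishes a one-character change in the local part on the partner's genuine domain (which points at a compromised mailbox or server) from a one-character change in the domain (a look-alike domain), and also flags a Reply-To that diverts replies away from the displayed sender.

```python
"""Screen an incoming invoice email for the BEC signs described above.

Added example, not code from the article or from JAL. The partner
allowlist, the two raw messages and the phrase list are constructed.
"""
from email import message_from_string
from email.utils import parseaddr

# Constructed allowlist: addresses we genuinely exchange invoices with.
KNOWN_PARTNERS = {
    "t.yamada@example-lease.com",    # hypothetical aircraft-lease contact
    "billing@example-cargo.co.jp",   # hypothetical ground-handling contractor
}

# Phrases indicating that the mail asks for a change of payment destination.
PAYMENT_CHANGE_PHRASES = (
    "bank account has changed",
    "new bank account",
    "transfer destination",
    "updated remittance",
)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def classify_sender(addr: str, known=KNOWN_PARTNERS) -> str:
    """Return 'known', 'lookalike-local', 'lookalike-domain' or 'unknown'.

    Same domain, local part off by one: suspect a hijacked mailbox/server.
    Same local part, domain off by one: suspect a look-alike domain.
    """
    addr = addr.lower()
    if addr in known:
        return "known"
    local, _, domain = addr.rpartition("@")
    for k in known:
        klocal, _, kdomain = k.rpartition("@")
        if domain == kdomain and edit_distance(local, klocal) == 1:
            return "lookalike-local"
        if local == klocal and edit_distance(domain, kdomain) == 1:
            return "lookalike-domain"
    return "unknown"


def check_message(raw: str, known=KNOWN_PARTNERS) -> dict:
    """Return the sender class and a list of human-readable findings."""
    msg = message_from_string(raw)
    _, from_addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    sender = classify_sender(from_addr, known)
    findings = []
    if sender.startswith("lookalike"):
        findings.append(f"From {from_addr} is one character off a known partner ({sender})")
    if reply_to and reply_to.lower() != from_addr.lower():
        findings.append(f"Reply-To {reply_to} differs from From {from_addr}")
    body = msg.get_payload().lower()   # samples are single-part plain text
    hits = [p for p in PAYMENT_CHANGE_PHRASES if p in body]
    if hits:
        findings.append("asks to change payment destination: " + ", ".join(hits))
    return {"from": from_addr, "sender": sender, "findings": findings}


# Constructed sample modelled on the CASE 1 pattern: local part one character
# off, Reply-To diverting replies, body changing the bank account.
MSG_LOOKALIKE = """\
From: "Taro Yamada" <t_yamada@example-lease.com>
Reply-To: accounts@example-lease-billing.com
To: payments@example-airline.jp
Subject: Invoice for aircraft lease - October

Dear Accounts team,

Please find the attached invoice. Note that our bank account has changed;
the new transfer destination is given on page 2 of the PDF.
"""

# Constructed sample of an ordinary invoice from the genuine contact.
MSG_LEGIT = """\
From: "Taro Yamada" <t.yamada@example-lease.com>
To: payments@example-airline.jp
Subject: Invoice for aircraft lease - October

Attached is the invoice for the October lease instalment. Payment terms
are unchanged.
"""

if __name__ == "__main__":
    for raw in (MSG_LOOKALIKE, MSG_LEGIT):
        result = check_message(raw)
        print(result["from"], result["sender"], result["findings"] or "clean")
```

Such a screen only raises the alarm; the control that actually stops the loss is the one the article points at next, namely confirming any change of bank details through a channel other than the email thread that requested it.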


    In any case, it seems the crime was committed with knowledge of the address of the person in charge, the format of the invoice, and the timing of billing. It is highly likely that the attackers had penetrated JAL or the finance company through a targeted attack and eavesdropped on the details of the transactions. In CASE 2, an email sent with the legitimate person in charge in cc drew a fake reply, so it is quite possible that the mail server had been hijacked or that the targeted mailbox was being monitored through a man-in-the-middle attack. JAL and the companies to which it outsources ground handling need to examine whether a targeted attack has left an intrusion behind (remote-access tools, backdoors, leaked administrator accounts, and so on). As a general rule, if the target of a targeted attack has a high security level and is hard to break into, the attacker may go after a place with weaker defences, such as a business partner, and use it as a stepping stone.

    [Next page] SCAM and BEC may rise to the same level as in Europe and the United States in 2018. Countermeasures are difficult; there is also the option of "not using email".
