Reply to post:

Hacker takes down CEO wire transfer scammers, sends their Win 10 creds to the cops

Tom Paine Silver badge

...organisations need to start using 2-factor authentication for wire transfers. Give each financially authorised company officer an RSA SecurID or similar, and have them authenticate before transactions are approved. Or am I missing something?

What you're missing is that the sort of broken organisations* that fall victim to BEC scams, by definition, don't know that such things are happening or that they're in danger from them. Sure, 2fa could break the kill chain, but so could any number of other, non-technical controls. The problem isn't that there's no way to prevent this happening, it's that the victim orgs don't know or care about them until it's too late.

* "organisation" as a movable feast -- the accounts payable team can be considered "an organisation"

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019