Financial Crime World

Here is the converted article in Markdown format:

Tunisian Foreign Bank Falls Victim to Phishing Attack

In a recent incident, cybercriminals replaced the sender’s email address with that of a local insurance company in an attempt to deceive employees of the Tunisian Foreign Bank. This is just one of many examples of phishing attacks and business email compromise (BEC) schemes targeting financial institutions across Africa.

The Rise of BEC Attacks

According to reports, BEC attacks are on the rise globally, with losses totaling USD 2.7 billion in the United States alone last year. In Africa, where more than half of BEC groups are located, the damage can be catastrophic. Nigerian-based cybercriminal communities have been particularly active, carrying out attacks from various countries, including Nigeria, Ghana, and South Africa.

Underground Forums: A Hotbed for Cybercrime

Cybercriminals are actively using underground forums to buy and sell access to major African companies’ networks, including government and financial institutions. The average cost of access with domain administrator privileges is around USD 300, while local administrator access can be acquired for USD 170.

“Drops” in Demand

Attackers on these forums are also seeking out African individuals willing to participate in fraudulent schemes for illicit income. Requests for “drops” were found in Telegram channels targeting countries such as Nigeria, Senegal, Algeria, and South Africa.

Recommendations for Governments and Businesses

To combat the growing threat of cybercrime, experts recommend that:

  • Governments adopt information security policies and strategies at a national level
  • Develop legislation for personal data protection
  • Protect critical infrastructure
  • Create national and industry cyberincident response centers
  • Cooperate internationally

For businesses, it is essential to:

  • Identify non-tolerable events and critical assets
  • Monitor incidents and respond to cyberthreats
  • Evaluate the effectiveness of cybersecurity measures
  • Regularly test and verify events non-tolerable for the organization

Tunisian Foreign Bank Warns Employees

The Tunisian Foreign Bank has issued a statement warning employees to be vigilant against phishing attacks and BEC schemes, urging them to verify email addresses and suspicious activity before taking any action. The bank is also working with authorities to strengthen cybersecurity measures and prevent future incidents.

As the threat of cybercrime continues to evolve, it is crucial for both governments and businesses to remain proactive in their approach to protecting themselves against these attacks.