Cyber-crime and cyber threats are very much a topic du jour and were certainly a talking point at the recent Paris Air Show I attended, following allegations of interference in recent elections around the world, the NHS in the UK suffering a nationwide ransomware attack and a massive attack across Ukraine in recent days. Cyber-crime has of course long been around, but it is not a problem that is going to go away; in fact I suspect it will get much worse before it gets better, so I wanted to share some experiences I have come across in my role as an advisor not only to MRO and aftermarket participants but also to other businesses in the aviation sector.
In this context the wide range of techniques used by criminals and miscreants is now dubbed “social engineering”, so called because the perpetrators manipulate people into performing certain actions, allowing access or releasing data. “Phishing” is one such example, and one many people are familiar with and have likely experienced.
However, recently we have seen cleverer and more subtle techniques employed in seeking to relieve clients of their money.
A technique known as “spear phishing” (because of its targeted nature compared to normal “phishing”) is one I have seen a few times of late. This is an email technique where, as a prelude to the scam, it is likely that an email account has been compromised at the supplier or customer end, giving the perpetrator access to correspondence. A new email address is set up with a very similar, almost identical, domain name to the genuine email address. Correspondence is then monitored to spot an opportunity to request or divert money. In one example copies of invoices were intercepted in the compromised exchanges and were then altered to show a new bank account – that of the fraudster.
An email was sent from the fraudulent, very similar, email address to the customer along with the doctored invoice and a covering message informing the customer that the supplier’s bank details had changed and that payment should therefore be made as per the new details in the invoice. In this instance the client was eagle-eyed enough to spot the scam, having had a call from its customer, and steps were taken to ensure future verification. The message here is that if any supplier sends an email explaining there has been a change of bank account, the supplier should be telephoned (on a number you know to be correct, not any given in the suspect email) in order to verify the change in bank details.
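The two warning signs in the scam above, a sender domain that is almost but not quite a known supplier's and a message asking for payment details to be changed, can be checked automatically before an invoice reaches accounts payable. The following is an added example, not code from the author or from any product; the supplier domain list, the sample message, the confusable-character pairs and the keyword lists are all constructed assumptions that a real deployment would replace with its own.

```python
import re

# Constructed allow-list of supplier domains this business legitimately deals with.
KNOWN_SUPPLIER_DOMAINS = {"acme-aero.com", "skyparts.co.uk"}
# Constructed example of the scam described above: "rn" imitates "m" in most fonts.
SAMPLE_SENDER = "accounts@acrne-aero.com"
SAMPLE_BODY = "Please note our bank details have changed; pay the attached invoice to the new account."

# Assumed character pairs that render near-identically in a mail client.
_CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]
_BANK = re.compile(r"\b(bank|account|iban|sort code|swift|remittance)\b", re.I)
_CHANGE = re.compile(r"\b(chang\w*|new|updat\w*|amend\w*)\b", re.I)

def levenshtein(a: str, b: str) -> int:
    """Edit distance: insertions, deletions and substitutions each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def fold(domain: str) -> str:
    """Lower-case and collapse look-alike characters before comparing."""
    d = domain.lower()
    for src, dst in _CONFUSABLES:
        d = d.replace(src, dst)
    return d

def lookalike_domain(domain: str, known=KNOWN_SUPPLIER_DOMAINS, max_distance=2):
    """Return the genuine domain this one imitates, or None if it is genuine or unrelated."""
    domain = domain.lower()
    if domain in known:
        return None
    best = min(known, key=lambda k: levenshtein(fold(domain), fold(k)))
    return best if levenshtein(fold(domain), fold(best)) <= max_distance else None

def assess_email(sender: str, body: str) -> dict:
    """Classify one inbound message; 'verify' means phone the supplier on a known number."""
    domain = sender.rsplit("@", 1)[-1]
    reasons = []
    imitated = lookalike_domain(domain)
    if imitated:
        reasons.append(f"sender domain {domain!r} resembles known supplier {imitated!r}")
    if _BANK.search(body) and _CHANGE.search(body):
        reasons.append("message asks for a change of payment details")
    risk = "high" if len(reasons) == 2 else "verify" if reasons else "ok"
    return {"risk": risk, "reasons": reasons}

if __name__ == "__main__":
    print(assess_email(SAMPLE_SENDER, SAMPLE_BODY))
```

A bank-detail change from a genuine supplier domain is still rated "verify", because the account itself may be the compromised one; the phone call on a known number remains the control.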
Secondly, whilst many large MROs, OEMs and suppliers may be air-side with very tight security, many businesses are of course much smaller, without dedicated security personnel, and will rely solely on key cards or buzzer access. A more physical threat to security exists, called “tailgating” or “piggybacking”. This is where an unauthorised person gains entry to a building, typically for nefarious purposes, by walking behind a person who does have proper access. Habit or manners usually result in the person in front allowing the one following to come through, perhaps even holding the door open for them.
The more a person looks as though they have a right to be somewhere, the less likely people are to challenge them, and indeed many people may feel awkward in challenging someone. It is known that people will carry relevant-looking parts, equipment or documents, wear a lanyard with a (non-functioning) keycard and dress in particular clothing in order to add to the perception that they are entitled to be there. A culture of (politely) challenging unrecognised people should be promoted, along with an insistence that, unless you know the person you are with, people should be made to use the security devices to access buildings, even if they are right behind you.
These things are happening in the aviation sector; I am seeing them more and more often. If reading this makes anyone think twice before clicking that link, paying into that different bank account or letting through that new person on the premises, it may be a small but valuable victory.