E-Handbook: Advanced cybersecurity fraud and how to fight it Article 1 of 4

Fight the latest cybersecurity fraud with updated defenses

The impetus behind cybersecurity fraud has deep, historical roots. Consider the tale of Greek sea merchants Hegestratos and Xenothemis, who took out an insurance claim against their ship and its cargo of corn in 360 B.C., never intending to transfer the goods safely from Sicily to Athens. Exploiting the fact that many cargo ships got lost at sea those days, the scamming duo took the cash advance from their buyer and set to the open seas -- sans cargo. The plan was to sink the ship, pocket the insurance money and sell the corn separately for further profits.

Things didn't go as planned. The crew, who heard rumblings of the swindlers' plan, sabotaged the mission. Hegestratos drowned while trying to escape the crew, and Xenothemis faced a lengthy legal battle after arriving in Athens with an empty ship.

Fast forward 2,380 years. Hegestratos and Xenothemis' tale is now a key case study in fraud textbooks and classrooms across the globe. It also parallels hackers using rough cyber seas to manipulate unsuspecting crews -- enterprises and their employees alike -- out of money, data and intellectual property.

From credential harvesting and OAuth token attacks to business email compromise scams and island-hopping, cybersecurity fraud takes different forms but can have devastating, expensive effects.

Take, for example, the U.K. energy company CEO who was swindled into sending nearly $250,000 to a company he thought was a supplier but ended up being scammers using deepfake AI to impersonate the voice of his boss. Or the Indian engineering company that lost more than $18 million to hackers who used an email address impersonating the CEO of its parent organization.

AI and other technologies may boost an enterprise's defenses, but they often remedy symptoms rather than cure the disease. In this guide, learn about the spread of increasingly sophisticated types of cyberfraud and take a deep dive into business email compromise and island-hopping attacks to learn why mitigating social engineering attacks and avoiding cyberfraud ultimately comes down to educating the weakest link in the equation: the human element.