Cyber criminals looking to make a quick buck have increasingly turned to ransomware in recent years. More patient types are working a more elaborate scheme that’s yielding paydays of tens or even hundreds of thousands of dollars per victim. It all centers around works of art.
The first step for the criminal is to infiltrate a gallery or dealer’s network. There are several different ways they might do that. Two of the most common are phishing emails and so-called “watering hole” attacks. In a watering hole attack, the hacker booby traps a website that is likely to be visited by the intended victims — say, message boards where users discuss buying and selling art.
Once the attacker’s malware has taken hold, the waiting game begins. The hacker starts monitoring outbound emails for signs of a transaction. An email with words like “invoice” or “sale” and a PDF or Word document attached, for example, might set off the alarm bells.
That’s when the hacker steps in. Impersonating the original sender, the hacker sends a second email in an attempt to trick the victim into transferring funds into a bogus bank account. After having studied the thread between buyer and seller, a skilled hacker can be incredibly convincing. Successful attacks like this have cost some galleries $500,000 or more in one fell swoop.
Banks aren’t always willing to intervene after the fact, either. One gallery that spoke to The Art Newspaper reported being told that the bank was unable to help because no mistake was made. It was merely following the customer’s instructions.
Hackers are running this scam in other industries, too. Realtors, title agencies, and escrow agents have been targeted. While the dollar figures there can be even higher, those transactions can take weeks and have many more safeguards in place that could derail the con. An expensive art purchase, by contrast, can be an impulse buy, and there are few, if any, regulatory hurdles.
How can art aficionados and gallery owners protect themselves? Encrypting important emails and attachments (especially those with financial information) helps keep vital data away from the hacker’s prying eyes. Going old school and confirming banking instructions by phone can also go a long way toward thwarting the attack.
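The second-email pattern described above gives a mechanical trigger for that phone call: flag any message in a transaction thread that changes the bank details, or that arrives from a new address under a familiar display name. The Python below is an added example, not from the article; the thread, the addresses and the `review_thread` helper are constructed for illustration, and it assumes bank details appear as IBANs in plain-text message bodies.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample thread (not real correspondence). Addresses use the
# reserved .example domain; the IBANs are published documentation examples.
THREAD = [
    "From: Anna Gallery <anna@gallery.example>\nSubject: Invoice 1042\n\n"
    "Please wire payment to IBAN GB29 NWBK 6016 1331 9268 19.",
    "From: Anna Gallery <anna@gallery.example>\nSubject: Re: Invoice 1042\n\n"
    "Looking forward to seeing the piece installed.",
    "From: Anna Gallery <anna@gallery-billing.example>\nSubject: Re: Invoice 1042\n\n"
    "Our account is under audit. Use IBAN DE89 3704 0044 0532 0130 00 instead.",
]

# Country code, two check digits, then 4-character groups with optional spaces.
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}(?: ?[A-Z0-9]{4}){2,7}(?: ?[A-Z0-9]{1,3})?\b")


def review_thread(raw_messages):
    """Return [(index, reasons)] for messages that need a phone call-back."""
    baseline_ibans = set()   # payment details first seen in the thread
    first_addr = {}          # display name -> first address seen using it
    flagged = []
    for i, raw in enumerate(raw_messages):
        msg = message_from_string(raw)
        name, addr = parseaddr(msg["From"])
        addr = addr.lower()
        ibans = {m.replace(" ", "") for m in IBAN_RE.findall(msg.get_payload())}
        reasons = []
        if ibans and baseline_ibans and not ibans <= baseline_ibans:
            reasons.append("bank details differ from earlier in the thread")
        if first_addr.get(name, addr) != addr:
            reasons.append("known display name, new sender address")
        if reasons:
            flagged.append((i, reasons))  # a flagged message never moves the baseline
            continue
        baseline_ibans |= ibans
        first_addr.setdefault(name, addr)
    return flagged


if __name__ == "__main__":
    for index, reasons in review_thread(THREAD):
        print(f"message {index}: confirm by phone ({'; '.join(reasons)})")
```

A message sent from the genuine account that carries the first bank details in a thread passes both checks, so the phone confirmation still applies to every first payment instruction.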