How the Diamond Industry Is Combatting Cybercrime

Cybercrime is on the rise, affecting all industries, with the diamond and jewelry trade far from immune.

Protecting information is critical in a data-driven era when companies rely on technology for almost everything. This is as much the case in the diamond industry as it is anywhere else. Companies and individuals across the market are vulnerable to cybercrime on a daily basis, from cutters and traders to retailers.

Anyone who uses tools as basic as email or a client database cannot be complacent. That is why serious industry players are investing in solid cybersecurity products.

Cybercrime is becoming more common. Losses reported to the FBI’s Internet Crime Complaint Center jumped 34% to $1.1 billion across all industries in the U.S. in 2015, according to the organization’s annual Internet Crime Report. And it’s not something that only happens to other people. Several participants at a major jewelry show in 2015 had their WiFi infiltrated and found that fake invoices had been sent out in their name with amended bank details, according to an attendee.

PHISHING FOR LOOPHOLES

The problem often comes from a lack of knowledge of simple hacking techniques criminals use. One of the most common practices is ‘phishing,’ in which an infiltrator tries to get someone’s personal details by hacking into an email account and sending out a message that looks genuine. The email entices the recipient to click on a link and enter a username and password.

Other methods include changing bank information on standard emails or letterheads so funds go to the wrong account. Traders often report receiving an email claiming a supplier has moved bank accounts when actually someone has broken into the account, imitated other messages the user has sent and replicated them with altered payment details. The communication will often appear 100% real.

Common Forms of Cybercrime

  1. Phishing: Hackers send fake emails enticing the reader to a page where they are asked to enter their username and password or other personal information such as bank and credit card details. Attacking a senior executive like this is called ‘whaling’. In these cases, thieves gather substantial information on the executive to help craft the perfect, believable email.
  2. Hacking: Attempts to gain unauthorized access to a computer to view, steal or alter data. In the tech world, ‘hackers’ are known as ‘crackers.’
  3. Webcam Hacking: Outsiders can take control of a webcam to spy on users’ meetings and observe their practices and security systems. FBI director James Comey admitted he tapes up his laptop camera.
  4. Malware: Short for ‘malicious software,’ this is code or software designed to steal data or harm networks. Malware is often installed by the user when clicking a link or opening an attachment that looks harmless. It can also be bundled together with other programs or installed by someone who exploits a known vulnerability in the system.

There are other cases of cybercriminals hijacking a computer system and locking the owner out. One diamond supplier even had its homepage redirected to an adult website by tech gangsters demanding a ransom.

“Cybercrime has spread across the world and eventually it’s got to our industry,” said Yoav Pelleg, the New York representative of ISPS, a diamond-focused security firm headquartered in Rosh HaAyin, Israel. The basic solution is simply to be alert. Just knowing data thieves are at work significantly reduces the likelihood of falling victim.

Pelleg stresses awareness in workshops he provides diamond companies about preventing cybercrime. “Businesses should be aware these things are happening. When you start to work with someone, you have to confirm everything over the phone. If you receive an email that something’s been changed, don’t go with that. Call them and ask if it’s true. They’ll probably say no.”

BIG DEALS, BIG RISK

But even with these precautions, diamantaires need to be extra vigilant as the industry is a top target for hackers since deals are so large and traders are keen to exchange money and goods quickly. That increases the chances of a careless mistake being made when targeted.

“Our product is often time sensitive. It’s important to get the goods to people as soon as possible,” said Rami Baron, president of the Diamond Dealers Club of Australia and chief executive officer of Sydney-based Q Report Jewellery Insurance. “There’s this inordinate time pressure for money to be moved quickly and efficiently.”

Hackers can access files and amend bank details in template documents so that when the company next sends out an invoice, the cash goes to the hackers instead, while the deserving recipient will almost certainly never see that money. Losses from cybercrime are rarely covered by insurance unless specified in the policy.

“To change a template is the easiest thing in the world. If they can hack Hillary Clinton’s emails, what chance has everyone else got?” said Baron. “How easy is it for people to change just a few numbers at the bottom? Our industry is in general very naïve to the risk of cybercrime and the massive commercial loss.”

However, while basic awareness and common sense are essential, even the savviest can be victims of the simplest cybercrime.

Dotan Meirov, chief operating officer at MID House Of Diamonds in Ramat Gan, Israel, rattled off a list of cybersecurity service providers and clearly knows the field, but admitted he fell for a phishing email the same day as speaking to Rapaport. An email guided him to a website that looked like the Gmail login page. He entered his username and password and only later realized it was fake. Fortunately, all he had to do was change his Gmail password.

Diamantaires cannot overestimate the importance of vigilance, Meirov cautioned. This is especially the case when an email arrives suggesting a contact has changed banks or suddenly wants the recipient to pay in a different way from normal. “Be twice as suspicious when getting stuff by email,” he said. “If it doesn’t look kosher, call the person up.”

How to Protect Your Business

  1. Be Aware: Some of the successful methods of stealing and corrupting data are so basic that merely knowing about them can help prevent a slip-up. If an email looks dodgy, it probably is.
  2. Talk: If an email arrives claiming a business partner’s bank details have been changed, pick up the phone and call the person to check. In fact, it won’t harm to respond to every single invoice with a phone call.
  3. Security Software: Firewalls such as FortiGate, Check Point and products by Cisco police traffic coming in and out of a network. Specialist cybersecurity companies including Proofpoint and Symantec help combat hacking attempts.
  4. Backups in Different Places: Keep two backups of data offline in two places in addition to your server. One should be offsite (such as at home) and one in transit, so if your files are hijacked in the middle of the day, you can disconnect from the web and begin data recovery using the hard drive you have on you. If this one fails, the second is backup.
