One of the easiest tricks for criminals is to fake or spoof business emails that appear to come from your company, particularly during a pandemic. One common technique is known as Business Email Compromise, or BEC. The FBI estimates that BEC scams have cost organizations $26 billion in losses over the past 3 years.
What is BEC? BEC occurs when a cybercriminal uses a compromised business email account to commit fraud against an unsuspecting employee or vendor. Companies can lose millions with only a few clicks.
Criminals first target a single employee in a mid-level role within the organization so they can compromise that person’s computer or email account. With so many people working from home, this is even easier, since corporate firewalls and identity management controls are not in the way. This image is an example of how BEC works. To a conscientious person trying to stay up to date on COVID, this email looks legitimate. Who doesn’t want to click on the “Safety Measures” button?
Once “Ann” clicks on the link, her account is exposed. Attackers can then use her account to send other employees emails on Ann’s behalf asking for information or payments. An example might be a request for personally identifiable information on employees, or a request to pay an attached invoice by sending an electronic payment to a SWIFT code.
How to recognize BEC attacks
Three common steps to BEC attacks are:
- Fake prospective customers reach out to you, often from overseas addresses. This is often a first attempt at “spear phishing” to gain information on the business: Who is the sales account manager who will be assigned to me? Who is the sales director? What do their email signatures look like? What is the business process to onboard a new customer? What is the invoicing process?
- The attacker asks to communicate over WhatsApp, IM, text messages, etc. These are new communication channels for many businesses, which are not yet aware of the dangers and vulnerabilities they contain. By including links and attachments in these channels, the attacker can phish for account credentials while bypassing email firewalls and gateways.
- The attacker uses the compromised email account(s) to set up supply chain emails to enable recurring wire transfers.
Actions to prevent BEC attacks
- Watch for unexplained urgency in requests from colleagues, clients or vendors.
- Beware of changes in wire transfer instructions.
- Beware of requests to use different email addresses or communication platforms.
- Be cautious of people who only want to communicate by email and never by phone or video link.
- Watch for requests for payment in advance, especially when this wasn’t part of the negotiation or agreement.
- Be careful with employees who want to change their direct deposit information.
- Use a DNS Firewall to thwart phishing attacks.
- Have your staff trained in cyber security for users (Atlas can help you with this).
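The red flags in this checklist can also be encoded as a first-pass screen on incoming mail, so that messages showing several of them are routed for review before anyone acts on them. The following is an added example, not code from the original post or from Atlas; the trusted vendor domain list, the wording patterns and the two sample messages are constructed for illustration.

```python
import re

# Hypothetical allow-list of vendor domains the business actually does business with.
KNOWN_VENDOR_DOMAINS = {"acme-supply.example"}

# Wording that matches the checklist: urgency, changed payment details, payment up front,
# and requests to move the conversation to another channel.
URGENCY = re.compile(r"\b(urgent|immediately|asap|today|right away|before close of business)\b", re.I)
PAYMENT_CHANGE = re.compile(r"\b(new|updated|changed?) (bank|wire|account|direct deposit|routing)\b", re.I)
ADVANCE_PAYMENT = re.compile(r"\b(pay|payment|deposit) (in advance|up front|upfront)\b", re.I)
CHANNEL_SWITCH = re.compile(r"\b(whatsapp|telegram|text me|personal (?:email|number|cell))\b", re.I)


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower()


def _lookalike(domain, trusted):
    """Return the trusted domain this one imitates (one character off, or hyphens dropped), else None."""
    for t in trusted:
        if domain == t:
            return None
        if len(domain) == len(t) and sum(a != b for a, b in zip(domain, t)) == 1:
            return t
        if domain.replace("-", "") == t.replace("-", ""):
            return t
    return None


def screen(msg):
    """Return the list of BEC red flags found in one message (a dict of headers plus body)."""
    flags = []
    from_dom = _domain(msg["from"])
    reply_dom = _domain(msg.get("reply_to", msg["from"]))
    if reply_dom != from_dom:  # "requests to use different email addresses"
        flags.append(f"reply-to domain {reply_dom} differs from sender {from_dom}")
    for dom in {from_dom, reply_dom}:
        imitated = _lookalike(dom, KNOWN_VENDOR_DOMAINS)
        if imitated:
            flags.append(f"{dom} looks like trusted vendor {imitated}")
    text = f"{msg.get('subject', '')} {msg['body']}"
    for pattern, label in ((URGENCY, "urgent language"),
                           (PAYMENT_CHANGE, "change to wire/direct deposit details"),
                           (ADVANCE_PAYMENT, "request for payment in advance"),
                           (CHANNEL_SWITCH, "request to move to another channel")):
        if pattern.search(text):
            flags.append(label)
    return flags


SAMPLES = [  # constructed messages: one routine invoice, one typical BEC request
    {"from": "ap@acme-supply.example", "subject": "Invoice 1042",
     "body": "Please find attached invoice 1042, net 30 as agreed."},
    {"from": "ceo@acme-supply.example", "reply_to": "ceo@acme-supp1y.example",
     "subject": "URGENT wire today",
     "body": "We have new bank details this quarter. Please pay in advance before close of business."},
]
```

Running `screen` over the samples yields no flags for the routine invoice and five for the second message; a threshold of two or more flags is a reasonable trigger for a phone call to the sender at a number already on file.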