Business Email Compromise

January 09, 2018

CYBERSECURITY

BUSINESS EMAIL COMPROMISE

Prepared by Jacqueline Ferrari, M.A.

What is Business Email Compromise?

Business Email Compromise (BEC) is a sophisticated scam targeting businesses that work with foreign suppliers and businesses that regularly make wire transfer payments (TrendMicro, 2016).

BEC is a form of phishing attack in which a cybercriminal impersonates an executive (often the CEO) and attempts to get an employee, customer, or vendor to transfer funds or sensitive information to the attacker (Harnedy, 2016).

Formerly referred to as Man-in-the-Email scams, BEC attacks rely heavily on social engineering to trick unsuspecting employees and executives. Attackers most often impersonate the CEO or another executive who is authorized to approve wire transfers (TrendMicro).

The FBI and international law enforcement have recorded more than 40,000 BEC incidents, with identified exposed losses up 2,370 percent since the start of 2015 (Paul, 2017).

Global losses from BEC scams are expected to exceed US$9 billion in 2018 (TrendMicro, 2017).

How Does it Work?

A BEC scam often starts with the attacker compromising a business executive's email account or any publicly listed email address, usually by way of keylogger malware or phishing. Alternatively, the attacker registers a domain that looks like the target company's own, or sends a spoofed email that tricks the target into handing over account details (TrendMicro, 2016).

BEC scams are highly targeted. Cybercriminals scour compromised inboxes, study recent company news, and research employees on social media in order to make their emails look as convincing as possible (Harnedy, 2016).
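The lookalike-domain and spoofed-sender tricks described above can be checked mechanically on inbound mail before anyone acts on a request. The following is an added example, not code from the original article or from Xahive. The trusted domains, the confusable-character table, the urgency word list and the sample message are all constructed for illustration, and the two-label "registrable domain" rule is a simplification of what a real tool would do with the public suffix list.

```python
# Added example: triage of a suspected BEC message. Not code from the original
# article or from Xahive. TRUSTED_DOMAINS, CONFUSABLES, URGENCY_WORDS and
# SAMPLE_MESSAGE are constructed for illustration.
from email import message_from_string
from email.utils import parseaddr

# Hypothetical domains of the organisation and one known supplier.
TRUSTED_DOMAINS = {"examplecorp.com", "supplier-example.com"}

# Confusable sequences attackers substitute for the letters they imitate.
# Two-character sequences come first so "rn" is folded before single characters.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]

# Words that signal the pressure tactics typical of CEO-fraud messages.
URGENCY_WORDS = ("urgent", "immediately", "today", "confidential", "wire")

# Constructed sample: lookalike sender domain, free-mail Reply-To, urgent subject.
SAMPLE_MESSAGE = """\
From: "Jane Doe, CEO" <jane.doe@exarnplecorp.com>
Reply-To: jane.doe.ceo@gmail.com
To: accounts@examplecorp.com
Subject: Urgent wire transfer needed today

Please process the attached invoice immediately; I am in a meeting and cannot take calls.
"""


def fold_confusables(label: str) -> str:
    """Map 'exarnplecorp' and 'examp1ecorp' to the same string, 'examplecorp'."""
    out = label.lower()
    for seq, letter in CONFUSABLES:
        out = out.replace(seq, letter)
    return out


def levenshtein(a: str, b: str) -> int:
    """Edit distance; one insertion, deletion or substitution counts as 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(domain: str) -> str:
    """Last two labels of the domain. Approximation: a real tool uses the public suffix list."""
    return ".".join(domain.lower().strip(".").split(".")[-2:])


def classify_domain(sender_domain: str):
    """Return (verdict, reason) where verdict is 'trusted', 'lookalike' or 'unrelated'."""
    sender_domain = sender_domain.lower()
    reg = registrable(sender_domain)
    if reg in TRUSTED_DOMAINS:
        return "trusted", "registrable domain is on the trusted list"
    sender_name = fold_confusables(reg.rsplit(".", 1)[0])
    for trusted in TRUSTED_DOMAINS:
        trusted_name = fold_confusables(trusted.rsplit(".", 1)[0])
        if sender_name == trusted_name:
            return "lookalike", f"confusable spelling or TLD swap of {trusted}"
        if levenshtein(sender_name, trusted_name) <= 1:
            return "lookalike", f"one edit away from {trusted}"
        if trusted in sender_domain or trusted_name in sender_name:
            return "lookalike", f"embeds {trusted} inside another domain"
    return "unrelated", "no resemblance to a trusted domain"


def triage(raw_message: str) -> list:
    """Apply the checks an analyst runs on a suspected BEC message; return the findings."""
    msg = message_from_string(raw_message)
    findings = []
    _, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2]
    verdict, reason = classify_domain(from_domain)
    if verdict != "trusted":
        findings.append(f"sender domain {from_domain} is {verdict}: {reason}")
    # A Reply-To pointing elsewhere diverts the conversation away from the real account.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_domain = reply_addr.rpartition("@")[2]
    if reply_domain and registrable(reply_domain) != registrable(from_domain):
        findings.append(f"Reply-To sends answers to {reply_domain}, not {from_domain}")
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + " " + body).lower()
    hits = [w for w in URGENCY_WORDS if w in text]
    if hits:
        findings.append("pressure language: " + ", ".join(hits))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_MESSAGE):
        print(finding)
```

Run against the sample, the script reports three findings: a lookalike sender domain, a Reply-To that diverts the conversation to a free-mail address, and pressure language in the subject and body. The substring test for a trusted name is deliberately aggressive; with a very short company name it will flag unrelated domains, so tune the trusted list to what your organisation actually uses.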

According to the FBI, there are five types of BEC scams (Harnedy, 2016; TrendMicro; TrendMicro, 2016):

1. The Bogus Invoice Scheme: Attackers impersonate a supplier and request that invoice payments be wired to an account the attackers control.

2. CEO Fraud: Attackers pose as the company CEO or another executive and email employees in finance, asking them to transfer money to an account the attackers control.

3. Account Compromise: An executive's or employee's email account is hacked and used to request invoice payments from the contacts found in that mailbox.

4. Attorney Impersonation: Attackers impersonate a lawyer or someone from the law firm handling crucial and confidential matters.

5. Data Theft: Employees in HR and bookkeeping are targeted to obtain personally identifiable information (PII) or tax statements of employees and executives.

Your Cybersecurity Partner

(Canada) Mailing Address: PO BOX # 47056. 2638 Innes Road. Ottawa, Ontario. K1B5P9 CANADA (U.S) Office & Mailing Address: 7083 Hollywood Boulevard, Hollywood, CA, 90028 (U.S.) Office & Mailing Address: 347 Fifth Avenue, Suite 1402-285, New York, New York, 10016, USA (U.S.) Office Location: 326 Broad Street, Utica, New York 13501, USA T: 323-428-9537 T2: 646-205-2246 T3: 613-286-6484 URL: www.xahive.com, Email: sem@xahive.com

Business Email Compromise — A $5 Billion Problem

The number and severity of BEC scams have increased dramatically in recent years. According to the FBI, BEC losses have reached more than $5 billion worldwide (Kalember, 2017). The following examples show the scale of the losses involved (Ambrosone, 2017; Rankin, 2017):

Impact & Losses    BEC Scam
$100 million       Evaldas Rimasauskas registered a company in Lithuania with the same name as a company in Asia and tricked U.S. technology companies into transferring over $100 million.
$44 million        Leoni AG, Europe's biggest manufacturer of wires and electrical cables, lost $44 million (and 7 percent of its market value) in August 2016 via a spoofed email address.
$42 million        Aerospace parts manufacturer FACC lost $42 million to a fraudulent BEC payment.
$5 million         Budget airline Ryanair lost $5 million via a fraudulent electronic transfer.

Tips on How to Stay Protected and Secure

Here are some techniques and tips for protecting your company from BEC scams and fraudulent activity (Harnedy, 2016; McCalley, 2017; Rankin, 2017; Sobczyk, 2016; TrendMicro, 2016):

1. Carefully examine all emails. Be cautious of irregular emails that appear to come from C-suite executives; they are used to trick employees into acting with urgency. Review any email that requests a transfer of funds and check whether the request is out of the ordinary (for example, a new beneficiary account or pressure to skip the usual approval steps).

2. Educate and train employees. When it comes to security, employees are a company's weakest link. Commit to training employees on the company's best practices. Adopt a comprehensive anti-phishing program that empowers all employees to act as the first line of defense against BEC scams. At a minimum, it should include:

o A phishing simulation program: a scheduled process of periodically sending fake BEC emails to employees so they become conditioned to what phishing messages look like.

o A reporting tool that lets employees practice reporting threats to your company's incident response team.

3. Implement multi-factor authentication as a security policy. This makes it much harder for a cybercriminal to take over employees' email inboxes, and therefore harder to launch the account-compromise form of BEC. Note that MFA protects your own mailboxes only; it does nothing against a lookalike domain or a spoofed sender that never touches your accounts, which is why the checks below are still needed.

4. Use a secure, encrypted communication service that follows the NIST framework when sending or receiving information, including PII.

5. Run regular checks on your organization's "spoofability" to determine how vulnerable your company is to email spoofing. Cybercriminals often use email spoofing to send messages that appear to come from a member of the company's leadership team. In practice this means confirming that your domains publish SPF and DKIM and an enforcing DMARC policy, and that a test message forging your own domain is actually rejected by your mail gateway.

6. Verify any change in a vendor's payment location with a secondary sign-off by company personnel.

7. Stay up to date on your customers' habits, including the details of, and reasons behind, their payments.

8. Confirm requests for transfer of funds out of band. When using phone verification as a second factor, call known, familiar numbers and use predetermined codes, never the contact details supplied in the email request.
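A concrete form of the spoofability check in tip 5 is to read the SPF and DMARC records a domain publishes and grade the policy they express. The following is an added example, not code from the original article or from Xahive. The three domains and their records are constructed samples (in practice the strings come from DNS TXT lookups of the domain and of _dmarc.<domain>), and the score weights are an arbitrary illustration rather than any standard's scale.

```python
# Added example: grading a domain's "spoofability" from its SPF and DMARC
# records. Not code from the original article or from Xahive. SAMPLE_RECORDS
# are constructed; real records come from DNS TXT lookups of <domain> (SPF)
# and _dmarc.<domain> (DMARC). The score weights are arbitrary.

# Constructed records for three hypothetical domains.
SAMPLE_RECORDS = {
    "examplecorp.com": {
        "spf": "v=spf1 include:_spf.google.com ~all",
        "dmarc": "v=DMARC1; p=none; rua=mailto:dmarc@examplecorp.com",
    },
    "hardened-example.com": {
        "spf": "v=spf1 ip4:203.0.113.0/24 -all",
        "dmarc": "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@hardened-example.com",
    },
    "open-example.com": {"spf": "v=spf1 +all", "dmarc": None},
}


def parse_dmarc(record):
    """Return the DMARC tags as a dict, or None when the record is absent or not DMARC1."""
    if not record:
        return None
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v", "").upper() == "DMARC1" else None


def spf_all_qualifier(record):
    """Return the qualifier ('+', '-', '~' or '?') on the SPF 'all' mechanism, or None
    when there is no SPF record or no 'all' term. A bare 'all' means '+all'."""
    if not record or not record.lower().startswith("v=spf1"):
        return None
    for term in record.split()[1:]:
        if term.lower().lstrip("+-~?") == "all":
            return term[0] if term[0] in "+-~?" else "+"
    return None


def assess(spf, dmarc):
    """Return (score, findings); 0 means the records leave no obvious room for spoofing."""
    findings, score = [], 0
    qualifier = spf_all_qualifier(spf)
    if spf is None:
        findings.append("no SPF record: any host may send as this domain")
        score += 3
    elif qualifier == "+":
        findings.append("SPF '+all' authorises every host on the internet")
        score += 3
    elif qualifier is None or qualifier == "?":
        findings.append("SPF ends neutral: unmatched senders are neither passed nor failed")
        score += 2
    elif qualifier == "~":
        findings.append("SPF softfail (~all): forged mail is marked, not rejected")
        score += 1

    tags = parse_dmarc(dmarc)
    policy = (tags or {}).get("p", "none").lower()
    if tags is None:
        findings.append("no DMARC record: receivers get no policy and you get no reports")
        score += 3
    else:
        if policy == "none":
            findings.append("DMARC p=none: spoofed mail is delivered and merely reported")
            score += 2
        elif policy == "quarantine":
            findings.append("DMARC p=quarantine: spoofed mail lands in spam rather than being rejected")
            score += 1
        if int(tags.get("pct", "100")) < 100:
            findings.append(f"DMARC pct={tags['pct']}: policy applied to only a sample of mail")
            score += 1
        if "rua" not in tags:
            findings.append("no rua= address: nobody is told who is spoofing the domain")
            score += 1
    if qualifier == "-" and policy == "none":
        # SPF checks the envelope sender only; without an enforcing DMARC policy the
        # visible From: header (what the employee actually reads) can still be forged.
        findings.append("SPF -all without DMARC enforcement does not protect the From: header")
    return score, findings


def spoofability_report(records):
    """Assess every domain in the records dict; returns {domain: (score, findings)}."""
    return {domain: assess(rec["spf"], rec["dmarc"]) for domain, rec in records.items()}


if __name__ == "__main__":
    for domain, (score, findings) in spoofability_report(SAMPLE_RECORDS).items():
        print(f"{domain}: score {score}")
        for f in findings:
            print("  -", f)
```

The point the last check makes is the one most often missed: a strict SPF record on its own does not stop CEO fraud, because SPF is evaluated against the envelope sender while the employee reads the From: header. Only a DMARC policy of quarantine or reject, with alignment, ties the two together, and the rua= reports are how you find out who is already forging your domain.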


References:

Ambrosone, Mike. (2017, June 7). What is a BEC or Business Email Compromise Scam and How to Prevent It. Retrieved from Vircom: https://www.vircom.com/blog/bec-business-email-compromise-scam-prevention/

Harnedy, Ryan. (2016, September). What is a Business Email Compromise (BEC) Attack? And How Can I Stop It? Retrieved from Barkly: https://blog.barkly.com/what-is-a-business-email-compromise-bec-attack-and-how-can-i-stop-it

Kalember, Ryan. (2017, May 8). FBI Reports Business Email Compromise (BEC) Scams Result in $5 Billion. Retrieved from Proofpoint: https://www.proofpoint.com/us/corporate-blog/post/FBI-reports-business-email-compromise-scams-result-5Billion-losses-worldwide

McCalley, Heather. (2017, August 31). 10 Ways to Defend Against Business Email Compromise/CEO Email Fraud Scams. Retrieved from PhishMe: https://phishme.com/10-ways-defend-business-email-compromise-ceo-email-fraud-scams/

Paul. (2017, May 8). FBI: Business Email Compromise is a $5 Billion Industry. Retrieved from The Security Ledger: https://securityledger.com/2017/05/fbi-business-email-compromise-is-a-5-billion-industry/

Rankin, Bert. (2017, August 25). Preventing Business Email Compromise (BEC). Retrieved from Lastline: https://www.lastline.com/blog/business-email-compromise/

Sobczyk, Michael. (2016, September 22). 8 Practical Tips to Avoid Being the Victim of a Business Email Compromise Scam. Retrieved from Holtzman Partners: http://holtzmanpartners.com/8-practical-tips-avoid-victim-business-email-compromise-scam/

TrendMicro. (2016, January 11). Security 101: Business Email Compromise (BEC) Schemes. Retrieved from TrendMicro: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/business-email-compromise-bec-schemes

TrendMicro. (2017, December 5). Security Predictions for 2018: Paradigm Shifts. Retrieved from TrendMicro: https://www.trendmicro.com/vinfo/us/security/research-and-analysis/predictions/2018

TrendMicro. (Date Unknown). Business Email Compromise (BEC). Retrieved from TrendMicro: https://www.trendmicro.com/vinfo/us/security/definition/business-email-compromise-(bec)

Contact:
Sem Ponnambalam, President
sem@xahive.com


Orléans For Your Business Magazine