How to Identify a Business Email Compromise Scam - iCorps
The FBI is warning organizations that the prevalence of Business Email Compromise (BEC)/Wire Fraud email is growing at a rapid pace. In fact, the FBI reports that it has seen a 270% increase in identified victims of these business email compromise scams since January 2015. Check out the video below from our partner Mimecast to see how this type of attack could dupe even your sharpest employees.
Types of BEC Emails:
According to the FBI, BEC is most commonly known as “a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments.” Cybercriminals register a domain similar to the company’s and set it up for mail delivery, then mimic a high-priority employee such as a CEO, company attorney or trusted vendor. They research and target employees who are responsible for handling money and request a fraudulent wire transfer of funds. Read on to learn about the three most common forms of this scam.
1. “CEO Fraud” or “Business Executive Scam”
As seen in the video above, cybercriminals will often masquerade as a high-level executive or other legal representative. This strategy targets employees in charge of finances, most often accountants, Directors of Accounting and CFOs. Posing as the C-level executive, the cybercriminal contacts the financial employee to request a wire transfer that sends the funds directly into an account controlled by the cybercriminal. Common reasons given for needing the transfer include the executive being stuck somewhere with legal issues or having an urgent bill that needs to be paid; these scenarios create a sense of urgency, taking advantage of the human response and making the scam easier to execute.
2. “The Bogus Invoice” or “Invoice Modification Scheme”
A bogus invoice will usually involve a business that has an established relationship with a particular supplier or client. Cybercriminals will compromise an employee's email address to gain access to the business account. This account is then used to send false notifications to customers asking for an invoice payment, and the money transfer is sent into a fake account benefiting the criminal.
3. “Compromised Employee Account”
Cybercriminals will often go directly to the employees of any organization, hacking right into their email accounts to request payment. This payment is sent directly to a criminal-controlled account. These messages are usually sent to multiple vendors, but are not mass-emailed in order to avoid being marked as spam. Businesses are usually not aware this scam has occurred until their vendors follow up to check for an invoice payment status.
Scam victims are varied, ranging from small local businesses to large-scale corporations. From October 2013 through February 2016, 17,642 victims were reported, with losses amounting to $2.3 billion. Unlike general phishing scams, attackers spend significant time researching the intended victim to ensure that the message sounds believable and legitimate.
How Can You Protect Your Business?
- Check that the “Reply To” email address matches the sender's email address, but even if it does, be cautious of email-only wire transfer requests - verify any such request with the contact by phone or in person.
- Implement multi-factor authentication, which requires more than one method of authentication to verify a user's identity at login.
- Educate and train employees on best practices - humans are busy and fallible creatures, so it's important for them to be on the lookout and recognize these types of scams before it's too late. Education is critical.
- Partner with a Managed IT Services Provider that has expertise in security best practices and implementing the tools that make the most sense for your business. iCorps partners with Mimecast’s security, archiving and continuity cloud services to protect business email and deliver comprehensive email risk management in one fully-integrated subscription service. By reducing the risk, complexity and cost traditionally associated with protecting email, you no longer have to manage an array of disjointed point solutions from multiple vendors.
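The following Python script is an added example (not code from iCorps or Mimecast) of the mailbox-side checks described above: it flags a Reply-To address whose domain differs from the From domain, a sender domain that is a near-match to your own (the registered lookalike described in the BEC definition), and payment or urgency wording in the subject. The organisation domain and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"  # assumption: your organisation's real mail domain

# Constructed sample messages (not real mail) used to exercise the checks.
SUSPICIOUS_MESSAGE = """From: "Jane Doe" <jane.doe@examp1e.com>
Reply-To: jane.doe.private@mail-drop.example
To: accounts@example.com
Subject: Urgent wire transfer needed today

Please wire the attached invoice before close of business.
"""

BENIGN_MESSAGE = """From: accounts@example.com
To: staff@example.com
Subject: Lunch menu for Friday

The menu is attached.
"""

def levenshtein(a: str, b: str) -> int:
    """Edit distance; a small value between two different domains indicates a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value: str) -> str:
    """Extract the lower-cased domain from a header such as '"Name" <user@host>'."""
    return parseaddr(header_value)[1].rpartition("@")[2].lower()

def bec_indicators(raw_message: str) -> list:
    """Return the BEC indicators found in a raw RFC 5322 message (empty list if none)."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From", ""))
    # Without a Reply-To header, replies go back to the From address.
    reply_domain = domain_of(msg.get("Reply-To", msg.get("From", "")))
    findings = []
    if reply_domain != from_domain:
        findings.append("reply-to-mismatch")
    # A domain within two edits of ours (examp1e.com, exarnple.com) is a likely lookalike.
    if from_domain != ORG_DOMAIN and levenshtein(from_domain, ORG_DOMAIN) <= 2:
        findings.append("lookalike-domain")
    subject = msg.get("Subject", "").lower()
    if any(word in subject for word in ("wire", "transfer", "invoice", "urgent")):
        findings.append("payment-request")
    # A matching Reply-To clears nothing on its own; payment requests still need phone verification.
    return findings
```

An empty result only means none of these three indicators fired; a request that passes all of them still gets the out-of-band verification the list above calls for.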