Business Email Compromise (BEC) scams target organisations. The attackers study an organisation, its employees and the way it moves money before selecting a victim. They usually impersonate a senior employee, such as the CEO or CFO, who can authorize wire transfers or other financial transactions, and ask the victim, typically someone in the finance department, to wire a specific amount to an account the attackers control, often offshore. These scams can take months of preparation, social engineering and phishing. Their approach relies on deference to the chain of command: an employee in the finance or human resources department may not question a request that appears to come from a top-level executive. These are the ways in which a BEC attack can be carried out:
In an impersonation attack, the attacker studies the organisation and chooses a victim who will not question requests or transactions authorized by a top-level executive such as the CEO. The victim receives an email from the attacker along the lines of 'URGENT - I'm stuck in a business meeting and will be out of reach for the next few hours. Transfer $XXXXX to bank account number #XXXXXXXX ASAP.' Any employee who receives this and does not take a few moments to check the authenticity of the email will end up transferring funds to the attacker's account. Here are a few ways to avoid this:
- Verify the sender's email address, not just the display name. If the domain looks similar to, but does not belong to, the organisation, raise a flag and pass the message on to the IT department.
- Filter out or block emails from domains that look similar to your organisation's own domain, including typo-squatted spellings and internationalised (punycode) look-alikes.
- Always try to verify the authenticity of the email and its content with colleagues or superiors, using a channel other than email, such as a phone number already on file: a spoofed or compromised mailbox will simply confirm its own request.
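The first two checks above can be automated at the mail gateway. The following is an added example, not code from the original page or from any product it mentions: it parses the headers of a raw message, flags sender domains that are look-alikes of the organisation's own domain (typo-squats, digit-for-letter swaps, Cyrillic homoglyphs, punycode-encoded names), flags executive display names arriving from outside the organisation, and flags a Reply-To that points somewhere other than the From domain. The organisation domain `example-corp.com`, the executive names, the confusable-character table and the sample messages are all constructed for the example.

```python
"""Added example: header checks for BEC-style look-alike senders.
Domain names, executive names and sample messages are constructed."""
import email
from email.utils import parseaddr
import unicodedata

ORG_DOMAIN = "example-corp.com"          # assumed organisation domain
EXECUTIVES = {"jane doe", "john roe"}     # assumed impersonation targets (lowercased)

# Partial, constructed table of characters attackers swap for look-alikes:
# Cyrillic homoglyphs, digits that resemble letters, and letter pairs that
# render like a single letter. Extend it for real use.
SINGLE_CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
    "0": "o", "1": "l", "3": "e", "5": "s",
})
PAIR_CONFUSABLES = {"rn": "m", "vv": "w", "cl": "d"}


def to_unicode_domain(domain: str) -> str:
    """Decode an ACE (xn--) domain back to Unicode; return others unchanged."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:
        return domain


def normalize(domain: str) -> str:
    """Canonical form for comparison: lowercase, diacritics stripped, confusables mapped."""
    text = unicodedata.normalize("NFKD", to_unicode_domain(domain).lower())
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    text = text.translate(SINGLE_CONFUSABLES)
    for pair, single in PAIR_CONFUSABLES.items():
        text = text.replace(pair, single)
    return text


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; domains are short so the O(n*m) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_verdict(domain: str, org: str = ORG_DOMAIN) -> str:
    """'internal' for the org domain or a subdomain of it, 'lookalike' for a
    near miss after normalisation (one edit or fewer), otherwise 'external'."""
    domain = domain.lower()
    if domain == org or domain.endswith("." + org):
        return "internal"
    if levenshtein(normalize(domain), normalize(org)) <= 1:
        return "lookalike"
    return "external"


def assess_message(raw: str) -> list:
    """Return the BEC indicators found in the headers of one raw message."""
    msg = email.message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2]
    verdict = domain_verdict(from_domain)
    flags = []
    if verdict == "lookalike":
        flags.append("look-alike sender domain: " + from_domain)
    if display.strip().lower() in EXECUTIVES and verdict != "internal":
        flags.append("executive display name from non-internal address: " + from_addr)
    reply_to = msg.get("Reply-To")
    if reply_to:
        reply_domain = parseaddr(reply_to)[1].rpartition("@")[2]
        if reply_domain.lower() != from_domain.lower():
            flags.append("Reply-To domain %s differs from From domain %s"
                         % (reply_domain, from_domain))
    return flags


# Constructed sample messages (headers only matter for these checks).
SAMPLES = {
    "typosquat": "From: Jane Doe <jane.doe@examp1e-corp.com>\r\n"
                 "To: payments@example-corp.com\r\n"
                 "Subject: URGENT wire transfer\r\n\r\nTransfer the funds ASAP.\r\n",
    "reply_to": "From: Jane Doe <jane.doe@example-corp.com>\r\n"
                "Reply-To: jane.doe.ceo@gmail.com\r\n"
                "Subject: quick favour\r\n\r\nAre you at your desk?\r\n",
    "webmail_exec": "From: Jane Doe <jane.doe.ceo@gmail.com>\r\n"
                    "Subject: invoice\r\n\r\nPlease pay the attached today.\r\n",
    "clean": "From: Jane Doe <jane.doe@example-corp.com>\r\n"
             "Subject: lunch\r\n\r\nSee you at noon.\r\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", assess_message(raw) or ["no indicators"])
```

The look-alike test deliberately normalises both domains before measuring edit distance, so a Cyrillic "а" in "exаmple-corp.com" and the digit in "examp1e-corp.com" collapse onto the real name; the one-edit threshold then also catches "example-corp.co" and "examplecorp.com". Tune the threshold to the length of your own domain, and treat "lookalike" as a quarantine or warning-banner signal rather than a hard block, since a genuine partner domain can occasionally sit within one edit of yours.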
In a credential compromise attack, the attacker uses social engineering and phishing to obtain the victim's username and password. Requests then come from the genuine mailbox, so sender-domain checks alone will not catch them; multi-factor authentication limits what a stolen password on its own can do. It can be played out in two ways:
- Compromising a top-level executive's account, i.e. someone who can authorize a payment.
- Compromising an employee's account, i.e. someone who carries out transactions on a daily basis.
The attacker can also impersonate a supplier associated with the company. An employee (the victim) receives an email from the 'supplier' (the attacker) requesting funds, typically with new bank details. Any employee who does not verify the authenticity of the email will fall prey to this attack and may end up costing the company millions of dollars; any change to a supplier's payment details should be confirmed by phone using a number already on file, not one given in the email. The attack might not be monetary at all: the attacker could ask for business details and other confidential information, which is then used to plan and carry out a later attack.
The FBI released an alert saying that organisations have lost upwards of $12 billion to BEC scammers. A successful attack can also damage the company's reputation, since it suggests poor IT practices and training. If you receive an email with a suspicious link, scan the URL on Checkphish.ai to check whether it is a phish or a clean page.