Business Email Compromise (BEC) appears to be back in the saddle again, as attackers use simple social engineering and domain impersonation to trick victims into paying up. BEC is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.
In the midst of adjusting to "working-while-COVID", ransomware seemed to be at the forefront of attacks. But new data from Abnormal Security’s Q3 Quarterly BEC Report shows that business email compromise has recently grown in interest over the last quarter.
According to the report:
- Overall BEC attacks increased 15%
- Energy/Infrastructure industries experienced a 93% increase in attacks
- Group mailboxes as targets increased by 212% while target individuals in the finance department have dropped by 53%
It’s evident that the cybercriminals behind these attacks are thinking organizations are doing better financially, and have shifted their tactics to try to find an unwitting internal accomplice within the victim organization to assist with the fraudulent inquiries.
The rise in interest in invoice/payment fraud scams is likely due to its ease of execution. An example given by KnowBe4 indicates that the scammer, by sending an email to a group mailbox assigned to Accounts Payable, it’s far less necessary to appear credible to an individual, as it’s reasonable that not everyone in your Accounts Payable (AP) department knows every one of their counterparts at a partner organization.
Throw in a dash of good old fashioned domain impersonation to make the email appear real, and you can see how it would be easy to convince someone in AP to change the bank accounts used for payment.
Users within your AP department need to be instructed to use a verification protocol anytime a request to change banking details is made. This should be done using a communications medium other than the one the request was made through, and should use known contact details rather than any provided within the request. Additionally, users involved with any form of managing the organization’s finances should be enrolled in Security Awareness Training to help increase their alertness when it comes to potentially-harmful emails.
Contact us at 561-969-1616 or [email protected] for information regarding how we can help your employees be your first line of defense against cyber attacks!