With Election Day just around the corner, the Republican Party of Wisconsin revealed that $2.3M was recently stolen from election funds intended to support the re-election of President Trump. According to their statement, they are victims of a Business Email Compromise phishing attack that altered invoices to direct payments to accounts controlled by the threat actor.
BEC attacks like this are increasingly common. Billions have been lost to BEC attacks in recent years, more than any other type of cyber threat. While BEC attacks are not incredibly sophisticated, they are very difficult to stop and can lead to substantial losses (as the Wisconsin GOP's incident demonstrates).
BEC threat actors are often opportunistic. Many BEC incidents involve the cybercriminals using compromised enterprise accounts to monitor business email for transactional activity such as invoicing. They identify weak points in how these transactions are handled and then use social engineering techniques to exploit those weak points.
While there is no silver bullet for BEC attacks, organizations can take the following steps to reduce their risk:
- Put strong procedures in place for reviewing and authorizing the payment or transfer of funds.
- Monitor domain name registrations for look-alikes that could be used to send BEC emails.
- Provide users with in-depth, focused training on how to recognize and report BEC scams and frequently test them to maintain vigilance.
- Have a timely and efficient process in place to review suspicious emails, investigate threats, and mitigate attacks.
Additional resources on BEC:
- BEC: The most costly form of phishing (White paper)
- COVID-19: BEC lures use pandemic to enhance attacks
- Domain Monitoring
- Email Intelligence & Response