The PhishLabs Blog

FBI Fraud Alert: Business E-mail Compromise

Posted by Lindsey Havens on Jun 23, '15

Federal law enforcement officials and the Financial Services Information Sharing and Analysis Center (FS-ISAC) have released a fraud alert to heighten awareness of the continued rise of business email compromise (BEC) attacks. Cybercriminals target senior executives, taking over or spoofing their business email addresses in order to request unauthorized wire transfers.

Targets

Executive officers, primarily CEOs and CFOs, are the targets of this type of attack. According to a previous BEC alert, businesses of all sizes are potential targets and the scam is not limited in geographic scope. The criteria used to select victims are largely unknown.

Modus Operandi

Cybercriminals zero in on the target and use social engineering, malware, or both to take over the business email account. After the compromise, the criminal monitors email correspondence and gathers travel schedules and other intelligence that would enable wire transfer fraud. As the alert notes, the attacker will often wait until the executive is on vacation to initiate the wire transfer request. The requests are well written and mimic the executive's communication style.

Cybercriminals don't always need to take over the account; sometimes they spoof a sender address that closely resembles the legitimate business email address.

The following is an example of a BEC attempt. Notice that it contains none of the grammatical errors or misspellings that are common in less sophisticated phishing attacks. This particular email was sent to a director in the finance department and purported to be from the CFO of the targeted company.


Figure 1. Example of wire transfer email scam
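The two things the example above illustrates, a sender address that only resembles the real one and a body that reads as legitimate, mean a filtering rule has to work from the headers rather than from the wording. The Python below is an added example, not code from this post or from PhishLabs: it parses a raw message, folds the sender's domain through a small homoglyph table and compares it to a hypothetical company domain (example-corp.com, an assumption) by edit distance, and flags a Reply-To that would send replies outside the From domain. The three sample messages are constructed for the example.

```python
import unicodedata
from email import message_from_string
from email.utils import parseaddr

# Hypothetical domain of the targeted company (an assumption for this example).
LEGIT_DOMAIN = "example-corp.com"

# Substitutions commonly used to build lookalike domains. They are applied after
# folding to ASCII, so a non-Latin homoglyph is dropped and leaves a short edit
# distance rather than an exact match.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"),
               ("3", "e"), ("5", "s"), ("8", "b")]


def normalize_domain(domain: str) -> str:
    """Fold a domain to a canonical ASCII form so lookalikes collapse onto the real one."""
    folded = unicodedata.normalize("NFKD", domain.lower()).encode("ascii", "ignore").decode()
    for lookalike, real in CONFUSABLES:
        folded = folded.replace(lookalike, real)
    return folded


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch one-character typosquats such as examplecorp.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def analyze_headers(raw_message: str, legit_domain: str = LEGIT_DOMAIN) -> dict:
    """Return sender details plus the BEC indicators found in the From/Reply-To headers."""
    msg = message_from_string(raw_message)
    display_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_domain = domain_of(from_addr)
    flags = []

    if from_domain != legit_domain:
        # Same domain once homoglyphs are folded, or within two edits of the real one.
        if (normalize_domain(from_domain) == normalize_domain(legit_domain)
                or levenshtein(from_domain, legit_domain) <= 2):
            flags.append("lookalike_domain")
    if reply_addr and domain_of(reply_addr) != from_domain:
        # Replies would leave the company even though the From address looks internal.
        flags.append("reply_to_mismatch")
    return {"display_name": display_name, "from": from_addr,
            "reply_to": reply_addr or None, "flags": flags}


# Constructed sample messages for this example; they are not real captures.
SAMPLES = {
    "homoglyph": "\n".join([
        'From: "John Smith, CFO" <jsmith@examp1e-corp.com>',
        "To: finance.director@example-corp.com",
        "Subject: Wire transfer - today",
        "",
        "Please process the wire below before close of business.",
    ]),
    "reply_to": "\n".join([
        'From: "John Smith" <jsmith@example-corp.com>',
        "Reply-To: jsmith.cfo@gmail.com",
        "To: finance.director@example-corp.com",
        "Subject: Wire transfer - today",
        "",
        "I am travelling, reply to this address only.",
    ]),
    "legit": "\n".join([
        'From: "John Smith" <jsmith@example-corp.com>',
        "To: finance.director@example-corp.com",
        "Subject: Q2 close",
        "",
        "Draft numbers attached.",
    ]),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, analyze_headers(raw))
```

The check deliberately does nothing when the From domain is exactly the company's own: a message that forges the real domain outright is the case for SPF, DKIM and DMARC enforcement on the receiving gateway, not for string comparison. The homoglyph table is illustrative and should be extended from the confusables an organisation actually sees in its mail logs.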

Victims and known losses

The Internet Crime Complaint Center (IC3) first sounded the BEC alarm in a public service announcement in January 2015, reporting the following statistics related to BEC attacks.

  • Total U.S. victims: 1,198
  • Total U.S. dollar loss: $179,755,367.08
  • Total non-U.S. victims: 928
  • Total non-U.S. dollar loss: $35,217,136.22
  • Combined victims: 2,126
  • Combined dollar loss: $214,972,503.30

What should you do?

Although criminals continue to find ways around security controls, there are tactics you can adopt to help mitigate the risk of fraud from business email compromise attacks. A few suggestions called out in the alert include:

  • Verbal confirmation: require vendors and executives to verbally approve transfers, using phone numbers that are already known and listed in the vendor contact list rather than any number supplied in the request itself
  • Keep the contact information of the vendor individuals approved to make payment changes in a hard-copy file
  • Limit the number of individuals authorized to approve fund transfers
  • Use out-of-band verification and one-time PINs
  • Require dual approval for all wire transfer requests, supported by dollar amount thresholds, trading partner whitelists, and flags on new trading partners
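Taken together, the list above describes a release check that a payments workflow can enforce mechanically instead of leaving it to whoever is on duty. The Python below is an added example, not something from the alert or from PhishLabs: it models a single wire request and returns why it was escalated and which controls are still outstanding before release. The dollar threshold, the set of authorised approvers, the vendor master with accounts on file, and the rule that a request arriving by email always needs a callback are assumptions chosen for the example.

```python
from dataclasses import dataclass, field

# Hypothetical policy parameters (assumptions for this example, not values from the alert).
DUAL_APPROVAL_THRESHOLD = 10_000.00
AUTHORISED_APPROVERS = {"cfo", "controller", "treasurer"}
# Constructed vendor master: approved trading partner -> account on file (not real data).
APPROVED_PARTNERS = {"Acme Supplies Ltd": "GB29NWBK60161331926819"}


@dataclass
class WireRequest:
    requester: str                     # user id of whoever entered the request
    beneficiary: str
    account: str
    amount: float
    channel: str                       # how the instruction arrived: "email", "portal", ...
    approvals: set = field(default_factory=set)   # user ids that have approved so far
    callback_verified: bool = False    # verbal confirmation on a known-good number completed


def evaluate_wire_request(req: WireRequest) -> dict:
    """Return why the request was escalated and which controls are still outstanding.

    The wire may be released only when nothing is outstanding.
    """
    escalations, outstanding = [], []
    needs_dual = req.amount >= DUAL_APPROVAL_THRESHOLD
    needs_callback = req.channel == "email"   # emailed instructions are never enough alone

    on_file = APPROVED_PARTNERS.get(req.beneficiary)
    if on_file is None:
        # New trading partner: tighten every control regardless of amount.
        escalations.append("new_trading_partner")
        needs_dual = needs_callback = True
    elif on_file != req.account:
        # Known partner but different bank details: the classic BEC payload.
        escalations.append("bank_details_changed")
        needs_dual = needs_callback = True

    # Only authorised approvers count, and the requester can never approve their own wire.
    valid = {a for a in req.approvals if a in AUTHORISED_APPROVERS and a != req.requester}
    if len(valid) < (2 if needs_dual else 1):
        outstanding.append("dual_approval" if needs_dual else "approval")
    if needs_callback and not req.callback_verified:
        outstanding.append("callback_verification")

    return {"release": not outstanding, "escalations": escalations, "outstanding": outstanding}


if __name__ == "__main__":
    # An emailed request to pay a brand-new beneficiary with a single approval.
    print(evaluate_wire_request(WireRequest(
        "ap.clerk", "Northwind Holdings", "DE89370400440532013000", 50000.0, "email", {"cfo"})))
```

The point of separating escalations from outstanding controls is that a changed bank account is not a reason to refuse the payment; it is a reason to demand the callback on the number from the hard-copy file and a second approver before the payment goes out.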

Security awareness training is another critical component of protecting your employees. Ensure that scam alerts are communicated and that the necessary tools are in place for employees to quickly and effectively report suspicious emails. Make sure that "reporting" doesn't mean forwarding the suspicious email to a SOC mailbox that is never checked or managed.

Unfortunately, targeted phishing emails such as the ones used in BEC attacks are becoming increasingly common because of their high success rates and ROI for cybercriminals. For more information on protecting employees, visit our Spear Phishing Protection service page.

Topics: Spear Phishing, Wire Transfer, Alert
