Although the figure is difficult to approximate, the FBI estimates that Business Email Compromise (BEC) scams have resulted in the loss of more than $1.2 billion in this year alone. Some fraud experts put this number much higher because they believe many businesses are hesitant to disclose all fraud-specific losses. These types of attacks, also called “masquerading”, are among the most common faced by small businesses.
In a masquerading attack, a malicious individual hides their own email address and spoofs an executive’s or vendor’s email address, then requests a wire transfer. The recipient of the spoofed email processes the seemingly legitimate request. To make the scam seem that much more legitimate, the malicious individual may gather relevant information through social engineering to target the email recipient specifically, by viewing the individual’s social media and performing data reconnaissance. This attack style bypasses many of the security measures (procedures) commonly in place because the actions are being taken by an authorized user (Krebs, 2015).
Recognizing BEC scams:
- High dollar amounts ($100,000+) and a foreign destination (although smaller-dollar scams can be rooted right here in the US). Also, try to identify whether the business or individual being sent the money (the payee) is in a country with which business is commonly done;
- Look-alike domain name (Krebs, 2015);
- The emails won’t be caught by spam filters because they are targeted, not sent in mass (Krebs, 2015).
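The look-alike domain sign listed above can be checked mechanically against a list of domains the business actually deals with. The Python sketch below is an added example, not part of the original post or its sources; the trusted domains, the sample senders and the function names are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed allow-list (assumption): the company's own domain and a vendor's.
TRUSTED_DOMAINS = {"example.com", "vendor-example.net"}

# Character swaps often used to make one domain resemble another.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def skeleton(domain):
    """Collapse visually confusable characters so look-alikes compare equal."""
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain


def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]


def classify_sender(from_header, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return (verdict, sender_domain, trusted_domain_it_imitates_or_None)."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("unparseable", "", None)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if domain in trusted:
        return ("trusted", domain, None)
    for good in sorted(trusted):
        near = edit_distance(domain, good) <= max_distance
        if near or skeleton(domain) == skeleton(good):
            return ("lookalike", domain, good)
    return ("unknown", domain, None)


if __name__ == "__main__":
    # Constructed From: headers for illustration.
    for sender in ("Jane Doe <jane.doe@example.com>",
                   "Jane Doe <jane.doe@examp1e.com>",
                   "Accounts Payable <ap@vendor-exarnple.net>",
                   "Newsletter <news@unrelated-shop.org>"):
        print(sender, "->", classify_sender(sender))
```

A "trusted" verdict only means the domain string matches the list; because the executive's or vendor's real address can itself be spoofed, this check complements the funds-transfer controls listed under prevention and does not replace them.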
Preventing BEC scams:
- Strengthen internal controls regarding the transfer of funds, especially external transfers;
- Increase employee training to recognize legitimate email addresses (Kitten, 2015);
- Invest in identity-proofing technology.
Kitten, T. (2015, August 31). FBI Alert: Business Email Scam Losses Exceed $1.2 Billion. Retrieved August 31, 2015, from http://www.bankinfosecurity.com/fbi-alert-business-email-scam-losses-exceed-12-billion-a-8506?rf=2015-08-31-eb&mkt_tok=3RkMMJWWfF9wsRoiv6nNZKXonjHpfsXw7O4qX66g38431UFwdcjKPmjr1YYHT8R0aPyQAgobGp5I5FEIT7HYRrhpt6cOXA%3D%3D#
Krebs, B. (2015, August 27). FBI: $1.2B Lost to Business Email Scams. Retrieved August 31, 2015, from http://krebsonsecurity.com/2015/08/fbi-1-2b-lost-to-business-email-scams/