Business Email Compromise (known as BEC) and CEO Fraud are two concepts that are, unfortunately, discussed with increasing frequency in company boardrooms and in the media. We only need to look back at last summer, when an FBI Operation (Operation WireWire) arrested 74 people worldwide that formed part of an international network that dedicated itself to BEC fraud. The operation avoided millions in planned losses.
BECs are sophisticated and elaborate attacks that are carried out in stages. Little by little, criminals gather information and documentation which they then use, in subsequent stages, to achieve their objective; which usually involves money or access to confidential information.
During the initial stages of these types of attacks, criminals usually exploit vulnerabilities in existing programs that are widely used, such as Windows, Outlook and other commonly-used office software. You might be wondering what type of information cyber criminals are looking for during this stage. The answer is rather simple: any information that allows them to get to know more about a company’s activities. For example, finding out the details about a company’s negotiations, identifying names or places that are involved in current or future activities, or simply getting to know the names of important suppliers. This information allows cyber criminals to appear more believable while dealing with their victims in the following stages. Cases such as these illustrate once again that “information is power”.
The individuals involved in BEC attacks create email addresses which appear legitimate, and which are designed to impersonate a company’s executives. This is done by using untrustworthy webmail providers, or by registering an imitation domain that looks like the company’s site, or that makes reference to the company.
Once the fraudsters have collected all the data, they will send the necessary instructions to the CEO’s assistant or other executive. The instructions are direct and completely trustworthy, and it is completely clear to the receiver which steps must be taken (transfer funds immediately, or other detrimental actions), thereby becoming a victim of fraud. Once the order has been executed, the damage is done and the attackers have achieved their objective.
As can be seen from the modus operandi of this scam, the CEO or other executive is not needed during the process; the objective is to get to those employees who work closely with the executives, who are trusted by them, and who are in a position to execute important actions within the company. Consequently, security and protection measures should take into account the essential role that these people play within the framework of scams.
Business Email Compromise threats, CEO Fraud, or executive email scams impersonate the identity of a company’s executive and request payroll information, transfer of funds, or the payment of invoices of employees. The success of these types of attacks lies in the fact that they are directed or targeted. These attacks do not cast their nets wide; their victims are selected based on specific criteria. All of this makes it difficult to detect, unless you have a specialized defense system. These attacks go unnoticed by conventional anti-spam or anti-malware systems and sometimes achieve their objective without being detected. This is why Spamina ATP (Advanced Threat Protection) scans all incoming emails and inspects headers, domain information and content in order to identify and block impersonation attacks. Companies that experience BEC attacks do not only suffer considerable economic losses, they can also reveal confidential information about the company that could cause serious harm to the structure of the company, causing damage to reputation or even bankruptcy.
Even though attacks are increasing in number and sophistication, there are some basic measures that allow us to protect our company:
Don’t wait for your company to become yet another victim of a BEC attack. Try Spamina Advanced Threat Protection; because prevention is key to your business.