As a cybersecurity consultant, it is crucial to address the rising threat of Business Email Compromise (BEC) fraud. In the last month alone, the North Dakota State and Local Intelligence Center (NDSLIC) have reported four cases of BEC fraud against businesses in North Dakota. These incidents highlight the need for increased awareness and proactive measures to safeguard your organization against this sophisticated scam. In this article, we will discuss the nature of BEC fraud, the techniques employed by cybercriminals, and provide actionable steps to protect your business.
Understanding Business Email Compromise (BEC):Business Email Compromise is a complex scam that targets both businesses and individuals involved in fund transfers. Perpetrators gain unauthorized access to legitimate business email accounts through social engineering or computer intrusion techniques, leading to fraudulent money transfers. To combat this threat effectively, it is essential to familiarize yourself with the tools cybercriminals employ to exploit their victims.
Techniques Employed by Cybercriminals:Organized criminal groups behind BEC scams demonstrate high levels of sophistication. They utilize various online tools and techniques to deceive and manipulate victims. Here are some commonly employed methods:
- Typo Squatting: Cybercriminals create email addresses that closely resemble legitimate ones, utilizing slight variations or misspellings to trick victims into believing they are interacting with authentic sources.
- Email Spoofing: By manipulating email accounts, criminals make it appear as if messages originate from trusted sources. They may use different reply addresses under their control or include malicious links, urging victims to take action or disclose sensitive information.
- Spear-phishing: Cybercriminals craft convincing emails, often containing relevant information, to trick victims into disclosing confidential data. These emails are carefully designed to appear as if they originate from a trusted sender.
- Unauthorized access "Hacking": Criminals employ malware and credential harvesting campaigns to infiltrate company networks, gaining access to legitimate email threads related to billing and invoices. This information allows them to request fraudulent wire transfers without raising suspicion. Unauthorized access also grants them undetected access to victims' data, including passwords and financial account details.
Protective Measures and Response Actions:
To safeguard your business from BEC fraud and mitigate potential losses, it is crucial to implement the following preventive measures:
- Contact Financial Institutions: If you suspect BEC fraud, immediately reach out to your originating financial institution to request a recall or reversal of fraudulent transactions. Additionally, request a Hold Harmless Letter or Letter of Indemnity to protect your organization from financial liability.
- File a Complaint: Report the incident in detail on www.ic3.gov, the Internet Crime Complaint Center. Ensure all necessary information, including banking details, is provided in the designated fields. This step contributes to the ongoing fight against BEC fraud and aids in tracking down the perpetrators.
- Stay Informed: Regularly visit www.ic3.gov for updated Public Service Announcements (PSAs) concerning BEC trends and other fraud schemes targeting specific industries or populations, such as real estate, pre-paid cards, and W-2 forms.
- Verification is Key: Before making any payment changes, always verify the request with the intended recipient through a trusted communication channel. When checking emails on mobile devices, ensure that email addresses are accurate to avoid falling victim to email spoofing techniques.
The prevalence of Business Email Compromise fraud demands heightened vigilance and proactive measures to protect your business. By understanding the techniques employed by cybercriminals and implementing preventive measures, you can significantly reduce the risk of falling victim to BEC scams. Stay informed, stay cautious, and remain proactive in the fight against cybercrime.
Sensitivity/Handling Notice:Recipients are encouraged to share this information without restriction to ensure widespread awareness. When disseminating this content, consider using TLP:CLEAR (Traffic Light Protocol) guidelines, which promote the responsible sharing of information that carries minimal or no foreseeable risk of misuse. For further reference, consult applicable rules and procedures for public release. Remember to adhere to standard copyright rules when sharing TLP:CLEAR information.
Source: FBI's official website - Business Email Compromise
If you believe you are a victim of BEC, take immediate action:
- Contact your originating financial institution to request a recall or reversal of fraudulent transactions.
- File a detailed complaint on www.ic3.gov, ensuring all required data, including banking information, is provided.
- Stay updated on BEC trends and other fraud schemes by visiting www.ic3.gov for Public Service Announcements (PSAs).
- Always verify payment changes with the intended recipient and double-check email addresses for accuracy, especially when accessing emails on mobile devices.
Additional Steps to Take as a Possible Victim of BEC:
If you suspect that you have fallen victim to Business Email Compromise (BEC), it is crucial to take immediate action to secure your accounts and minimize the potential damage. In addition to the previously mentioned steps, consider the following measures:
- Reset Your Password: Change your email account password to a strong and unique password that is not easily guessable. Avoid using common phrases or personal information that can be easily associated with you.
- Sign Out of All Email Sessions: Utilize the security features provided by your email service provider, such as Gmail, to sign out of all active sessions. If your email is centralized within your agency, contact your email account manager to ensure all active sessions are terminated.
- Reset Additional Accounts: Review your email for any references to financial institutions, social media accounts, or other platforms that an attacker may have gained access to through your compromised email. Reset passwords for these accounts to prevent unauthorized access.
- Enable Multi-Factor Authentication (MFA): Add an extra layer of security to your email account by enabling MFA. This can be done through options such as receiving a text message with a verification code or using an authenticator app. MFA helps protect your account even if your password is compromised.
- Check Outgoing Messages and Email Rules: Thoroughly inspect your sent messages and email rules for any unauthorized changes made by the attacker. Look for any suspicious or unfamiliar content that may have been sent without your knowledge. Ensure that your contacts are not impacted by any fraudulent activity.
- Scan Devices for Malware: Conduct a comprehensive scan of your devices, including computers, laptops, and mobile devices, to detect and remove any potential malware. Malware can be used by attackers to gain unauthorized access to your accounts or monitor your activities.
By following these additional steps, you can further safeguard your accounts and prevent further compromise. Remember, swift action is crucial in mitigating the impact of a BEC attack. Stay vigilant and regularly monitor your accounts for any suspicious activity.
Contact Smart Computers and Consulting