Email fraud continues to increase and the bad actors continue to refine their tactics to trick people into providing personal information or wired funds.
Even with the latest email filters, fraudulent emails can get past the latest definitions on any spam filter. While spam filters are one level of defense against fraudulent emails coming into the environment, user training is the best and last line of defense. Regularly scheduled training on the latest threats is key to educating users on what they need to look for in order to not fall prey to these fraudulent emails.
Security is not a single layer of defense against bad actors; it needs to be addressed in layers. The number of security layers will depend on an organization's risk tolerance and required compliance.
— Centre Premier
Trending Origins and Entry Points
While how victims are selected varies greatly, social engineering techniques are often used to monitor and study the selected victim prior to formally launching a BEC scam. Many bad actors are sophisticated enough to identify key individuals and protocols necessary to perform wire transfers within business environments. Phishing e-mails from seemingly legitimate contacts act as entry points, containing malicious hyperlinks or requesting details relating to the business or specific individual being targeted.
When an unsuspecting victim clicks on the malicious hyperlink, malware is downloaded, providing the bad actor access to Personally Identifiable Information (PII) and other sensitive data such as passwords or financial information.
The BEC/EAC scam is linked to other forms of fraud, including but not limited to: romance, lottery, employment, and rental scams. The victims of these scams are usually U.S.-based and may be recruited as unwitting money mules. The mules receive the fraudulent funds in their personal accounts and are then directed by the subject to quickly transfer the funds to another bank account, usually outside the U.S. Upon direction, mules may open bank accounts and/or shell corporations to further the fraud scheme.
— FBI Public Service Announcement
So, what should your organization do if this happens?
If your organization has fallen victim to CEO or Wire Transfer Fraud, commonly known as Business Email Compromise (BEC), the FBI recommends a series of actions for immediate internal response, reporting and prevention, including:
- Review all IP logs accessing the relevant infrastructure
- Scan for log-in locational data
- Identify email account(s) which may have been spoofed or compromised
- Notify employees/agents of the situation and require that they contact customers
- Scrutinize all requests that asked for a change in payment type or location
- Contact your bank(s) or financial institution(s)
- Report activity to your local FBI Field Office by visiting https://www.ic3.gov/default.aspx
- Engage with a trusted IT partner for Assessments of Risk and Technical Infrastructure Security (A.R.T.I.S.), a comprehensive audit across your entire environment
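The first three review steps (IP logs, log-in location data, identifying accounts that may be compromised) can be combined into a per-account baseline check over exported sign-in records. This is an added example, not code from Centre Premier or the FBI; the CSV layout, the sample records and the four-hour window are assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in export (not real data): time, account, source IP, country.
# IPs come from documentation ranges; the column layout is an assumption.
SAMPLE_LOG = """\
2024-03-01T08:02:11,cfo@example.com,198.51.100.10,US
2024-03-02T08:05:40,cfo@example.com,198.51.100.10,US
2024-03-04T08:01:03,cfo@example.com,198.51.100.22,US
2024-03-04T09:17:55,cfo@example.com,203.0.113.77,FR
2024-03-04T09:30:12,ap.clerk@example.com,198.51.100.31,US
2024-03-05T13:44:09,ap.clerk@example.com,198.51.100.31,US
"""

def review_signins(log_text, travel_window=timedelta(hours=4)):
    """Return (account, time, ip, country, reasons) for sign-ins that need a manual look."""
    rows = sorted((r for r in csv.reader(io.StringIO(log_text)) if r), key=lambda r: r[0])
    seen_ips = defaultdict(set)        # account -> source IPs seen so far
    seen_countries = defaultdict(set)  # account -> countries seen so far
    last = {}                          # account -> (time, country) of the previous sign-in
    findings = []
    for ts, account, ip, country in rows:
        when = datetime.fromisoformat(ts)
        reasons = []
        # The first sign-in for an account only seeds its baseline.
        if seen_countries[account] and country not in seen_countries[account]:
            reasons.append("new country")
        elif seen_ips[account] and ip not in seen_ips[account]:
            reasons.append("new IP")
        prev = last.get(account)
        # Two countries in less time than travel would take suggests a second party.
        if prev and prev[1] != country and when - prev[0] <= travel_window:
            reasons.append("country change within travel window")
        if reasons:
            findings.append((account, ts, ip, country, reasons))
        seen_ips[account].add(ip)
        seen_countries[account].add(country)
        last[account] = (when, country)
    return findings

if __name__ == "__main__":
    for finding in review_signins(SAMPLE_LOG):
        print(finding)
```

A flagged sign-in is a lead for manual review, not proof of compromise: VPNs, mobile carriers and travel all produce new IPs and countries.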
How to Report Cyber-Crime
No matter the size or type of cyber-crime that may affect your organization, it is important to report it to the FBI. Any information people provide can indicate another group of bad actors or may be tied to a case they are already working. Cyber-crime can be reported by going to https://www.ic3.gov/default.aspx and filing a complaint with IC3. The form only takes a few minutes to complete and any information provided will be beneficial.
About Centre Premier's Security Experts
Willie Mata, Director of Security, Risk, and Compliance, and Rob Foit, Director of Premier Services, are active members of the National InfraGard Member’s Alliance, https://www.infragard.org, working with the FBI to both share and gather information regarding the protection of our critical infrastructure.