Business Email Compromise (BEC) is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.
Here are the top 4 methods hackers use to compromise businesses:
Spoof an Email Account or Website
Slight variations on legitimate addresses (firstname.lastname@example.org vs. email@example.com) fool victims into thinking fake accounts are authentic. The spoofed emails can be made to look like they are coming from anyone. Scammers target employees with transactional authority (accounts payable, check signers, authorized individuals) or access to systems managing personally identifiable information. Emails often display a sense of urgency culminating in a request for money transfers, data, or gift cards.
These messages look like they’re from a trusted sender to trick victims into revealing confidential information. That information lets criminals access company accounts, calendars, and data that give them the details they need to carry out the BEC schemes. The emails entice users to click a link that leads to a fraudulent website that appears legitimate, or to open malicious attachments. The goal is to solicit personal information, such as account usernames and passwords; these fraudulent websites may also contain malicious code.
Cloud-based Email Services
Cybercriminals are targeting organizations that use popular cloud-based email services to conduct Business Email Compromise (BEC) scams. The scams are initiated through specifically developed phish kits designed to mimic the cloud-based email services in order to compromise business email accounts and request or misdirect transfers of funds. Many phishing kits identify the email service associated with each set of compromised credentials, allowing the cybercriminal to target victims using cloud-based services.
Malicious software can infiltrate company networks and gain access to legitimate email threads about billing and invoices. That information is used to time requests or send messages so accountants or financial officers don’t question payment requests. Malware also lets criminals gain undetected access to a victim’s data, including passwords and financial account information. This data is then used to avoid raising suspicions when a falsified wire transfer is submitted.