Business email compromise (BEC) has been around since the 90s. In all that time, its phishing attack patterns have not changed much. No matter how advanced technology is, it is still difficult to prevent these attacks. The biggest reason is that company email attacks are attacks on people. Therefore, only by increasing vigilance and deploying security systems can businesses avoid these forms of fraud.
In today's forms of corporate email attacks, hackers use online phishing attacks and steal credentials to compromise email accounts, then hijack them and gain access to internal communications. Next, they manipulate human psychology and take advantage of business operations to trick employees into sending sensitive data or money to impostors.
The working principle of BEC attacks is very simple. However, stopping them is not so simple - especially when attackers rely on user perception. Distinguishing between real and fraudulent email communications is challenging enough for businesses. But it also only partly helps reduce the risk of being scammed through corporate email.
Only 12% of online phishing (aka Spear Phishing) attacks were linked to a BEC attack last year. But don't be complacent because corporate email attacks actually wreak a lot of financial havoc and are becoming more and more challenging for security people.
IT leaders need to understand how BEC works, as this form of attack is hailed by the hacker community for its effectiveness and huge payouts. Below, explore 5 dangerous email attacks to learn the tactics to use when faced with this situation and the warning signs to watch for.
1. Supply Chain BEC Attack
The 2019 Toyota Boshoku Corporation scam turned into a terrible BEC attack due to the company's popularity and huge payouts. It also shows how social engineering overcomes the most complex security programs. That's because it targets people instead of infrastructure.
The attackers contacted the finance and accounting departments of a subsidiary of Toyota Boshoku. They posed as a legitimate business partner and demanded payment from the subsidiary, using urgency to push the transaction through. The impostors claimed that the transaction needed to be completed as soon as possible, or else it risked slowing down Toyota's production (this is a textbook BEC attack tactic). Unfortunately, the plan worked. Someone at the company transferred over $37 million to scammers. This is one of the biggest losses ever caused by BEC. A common feature of BEC attacks is that they target people who perform large money transactions. Since Toyota Boshoku manufactures cars and buys expensive parts in bulk, it is an ideal target for scammers.
2. Trust-based scams
Where there's a bill, there's a scam. Saint Ambrose Catholic Parish in Brunswick, Ohio, learned this lesson after losing $1.75 million in a BEC attack in 2019. According to an FBI investigation, hackers compromised two parish email accounts and scammed the church by impersonating a contractor. The fake construction company called to explain that their payment information had recently changed. They had received no payment for expenses in the previous two months.
"This was shocking news for us, as we were very prompt in paying our monthly bills and receiving proper confirmation from the bank that the transfers to Marous were made," Father Bob Stec wrote in a statement to the Community of Saint Ambrose.
By breaking into two email accounts, hackers observed conversations regarding the payer, due date, and amount. They then used that information to create the perfect scam, a common technique in BEC attacks. Nonprofits are easily scammed because they place more trust.
3. Corporate email scams with gift cards
Gift card schemes have long been popular with cybercriminals because the cards work similarly to cash. Once the card is used, the value disappears and so does the scammer.
The FBI's Internet Crime Complaint Center has issued a warning about gift card fraud following an increase in the number of complaints received between January 2017 and September 2018. Victims receive a fake email from scammers asking them to buy gift cards for individuals or businesses. Rabbis in Virginia, Tennessee, California, and Michigan were impersonated by email; the hackers asked recipients to buy gift cards for a fundraiser and send pictures of the serial numbers via email.
4. BEC scam related to COVID-19
As the demand for COVID-19 information increased over the past year, so did the number of coronavirus-themed phishing attacks. Hackers attack government email and take advantage of this opportunity to create phishing emails containing important information about virus transmission, personal protective equipment, and vaccination policy. Fraudulent content is submitted from trusted sources, such as the World Health Organization.
The FBI has received numerous reports of COVID-19-related email attacks targeting large healthcare organizations and state government agencies. Victims transferred large sums of money to the fake seller before receiving the items, including ventilators, personal protective equipment, and other medical supplies.
5. Business Email Attacks During Tax Season
Every tax-filing season, email hack scams pop up. Scammers use social engineering to identify and impersonate executives, who can email the HR director. If the human resources manager provides the documents, the employees' personal information (including Social Security number, name, address, income, and tax withholding) will be stolen. Business email attackers can then use that information to fraudulently file a tax return, or sell it to the highest bidder on the dark web.
Any activity with an urgent deadline can become prey to corporate email attacks. This includes tax filing, benefits application deadlines, or upcoming audits.
Some signs of a business email attack
Enterprise Email Protection Firewall - Mail Gateway EG Platform
As analyzed in the above articles, hackers attacking corporate email have taken advantage of people's trust and lack of vigilance to scam. To deal with the above attack risks, businesses need to equip themselves with a very safe defense layer. An email firewall system for business is the solution you are looking for. Some of the following features of the Mail Gateway EG Platform firewall system will help you detect signs of a BEC attack:
Mail Gateway EG Platform is an advanced security solution developed by Vietnam's leading technology company VNETWORK. Businesses will not encounter scams if appropriate precautions are taken. Create a safe and productive work environment because anyone can become a target.
Call hotline: (028) 7306 8789 when you need the perfect email protection solution.