Company email: 5 most dangerous email attacks you need to know
October 04, 2021

Company email: 5 most dangerous email attacks you need to know

Business email compromise (BEC) has been around since the 90s. In general, its phishing attack patterns have not changed much even though it has been a long time. No matter how advanced technology is, it is still difficult to prevent these attacks. The biggest reason is that company email attacks are attacks on people. Therefore, only by increasing vigilance and equipping security systems, businesses can avoid these forms of fraud.

BEC attack

In today's forms of corporate email attacks, hackers use online phishing attacks and steal credentials to compromise email accounts, then hijack and gain access to internal communications. the set. Next, they manipulate human psychology and take advantage of business operations to trick employees into sending sensitive data or money to impostors.

The working principle of BEC attacks is very simple. However, stopping them is not so simple - especially when attackers rely on user perception. Distinguishing between real and fraudulent email communications is challenging enough for businesses. But it also only partly helps reduce the risk of being scammed through corporate email.

Only 12% of online phishing (aka Spear Phishing) attacks were linked to a BEC attack last year. But don't be complacent because corporate email attacks actually wreak a lot of financial havoc and are becoming more and more challenging for security people.

IT leaders need to understand how BEC works as this form of attack is hailed by the hacker community for its effectiveness and huge payouts. Here, explore 5 dangerous email attacks to learn about tactics to use when faced with this situation and signs to avoid.

1. Supply Chain BEC Attack

The 2019 Toyota Boshoku Corporation scam turned into a terrible BEC attack due to the company's popularity and huge payouts. It also shows how social engineering overcomes the most complex security programs. That's because it targets people instead of infrastructure.

The attackers contacted the finance and accounting departments of a subsidiary of Toyota Boshoku. They pose as a legitimate business partner and demand payment from the subsidiary. They take advantage of the urgency to request a transaction. The counterfeiters announce that the transaction needs to be completed as soon as possible, or else they risk slowing down Toyota's production (this is a textbook BEC attack tactic). And unfortunately, this plan worked. Someone at the company transferred over $37 million to scammers. This is one of the biggest losses ever caused by BEC. A common feature of BEC attacks is to target people performing large money transactions. Since Toyota Boshoku manufactures cars and buys expensive parts in bulk, they are an ideal target for scammers.

2. Trust-based scams

Where there's a bill, there's a scam. Saint Ambrose Catholic Parish in Brunswick, Ohio, learned this lesson after losing $1.75 million in a BEC attack in 2019. According to an FBI investigation, hackers compromised two accounts. parish email accounts and scam the church by impersonating a contractor. The fake construction company called to explain that their payment information had recently changed. They had received no payment for expenses in the previous two months.

"This was shocking news for us, as we were very prompt in paying our monthly bills and receiving proper confirmation from the bank that the transfers to Marous were made," he said. Father Bob Stec wrote in a statement to the Community of Saint Ambrose.

By breaking into two email accounts, hackers observed conversations regarding the payer, due date, and amount then they used that information to create the perfect scam - one common technique in BEC attacks. Nonprofits are easily scammed because they place more trust.

3. Corporate email scams with gift cards

Gift card schemes have long been popular with cybercriminals because the cards work similarly to cash. Once the card is used, the value disappears and so does the scammer.

The FBI's Internet Crime Complaint Center has issued a warning about gift card fraud following an increase in the number of complaints received between January 2017 and September 2018. Victims will receive a fake email from scammers asking them to buy gift cards for individuals or businesses. Rabbis in Virginia, Tennessee, California, and Michigan were impersonated by email, the hackers asked to buy gift cards for a fundraiser and sent pictures of the serial numbers via email.

4. BEC scam related to COVID-19

As the demand for COVID-19 information increased over the past year, so did the number of coronavirus-themed phishing attacks. Hackers attack government email and take advantage of this opportunity to create phishing emails containing important information about virus transmission, personal protective equipment, and vaccination policy. Fraudulent content is submitted from trusted sources, such as the World Health Organization.

The FBI has received numerous reports of COVID-19-related email attacks targeting large healthcare organizations and state government agencies. The victim transferred large sums of money to the fake seller before receiving the items, including ventilators, personal protective equipment, and other medical supplies.

5. Business Email Attacks During Tax Season

Every tax-filing season, email hack scams pop up. Scammers use Social Engineering to identify and impersonate executives, who can email the HR director. If the human resources manager provides documents, the employee's personal information (including Social Security number, name, address, income, and tax withholding) will be stolen. Business email attackers can fraudulently file a tax return or sell it to the highest bidder on the dark web to abuse information.

Any activity with an urgent deadline can become prey to corporate email attacks. This includes tax filing, benefits application deadlines, or upcoming audits.

Some signs of a business email attack

  • Request personally identifiable information via email: You should always verify contact with the sender through another means of communication, such as phone or direct contact.
  • Payment requests: Beware of sudden payment requests or changes in information. Always confirm these changes before depositing some new accounts.
  • Urgent wording: You need to be on the lookout for any urgent payment requests.
  • General greetings. Most emails sent from financial institutions include the account holder's name, so be wary of receiving the "Dear customer" greeting.

Enterprise Email Protection Firewall - Mail Gateway EG Platform

As analyzed in the above articles, hackers attacking corporate email have taken advantage of people's trust and lack of vigilance to scam. To deal with the above attack risks, businesses need to equip themselves with a very safe defense layer. An email firewall system for business is the solution you are looking for. Some of the following features of the Mail Gateway EG Platform firewall system will help you detect signs of a BEC attack:

  • Detect the most sophisticated email spoofing techniques on the market today, preventing company email address similar to real mail.
  • AI technology helps track incoming mail and warn of unusual phenomena before you do any unsafe operations. Any changes in the email's path will be alerted to you.
  • The system will issue an immediate warning if the destination is a fake email or a hacker account.
  • Support filtering Spam based on international databases and the system's criteria (DKIM, SPF, IP).
  • Instantly disable hacked email addresses to avoid sending malicious emails to the outside.
  • Encrypt malicious emails into images.

Mail Gateway EG Platform is an advanced security solution developed by Vietnam's leading technology company VNETWORK. Businesses will not encounter scams if appropriate precautions are taken. Create a safe and productive work environment because anyone can become a target.

Call hotline: (028) 7306 8789 when you need the perfect email protection solution.

Related Posts
Emotet virus simultaneously attacked Vietnamese bank email
Vnetwork|September 22, 2020
Emotet virus simultaneously attacked Vietnamese bank email

A series of attacks via Email with malware virus Emotet are targeting banks in Vietnam.

Email serious attack US Treasury
Vnetwork|December 14, 2020
Email serious attack US Treasury

The Treasury and Commerce Department of the USA have been subjected to cyber-attacks through loopholes in Corporate Email Security, which are known to involve foreign government-backed hacker groups.

4 Solutions to optimize IT infrastructure for securities companies
Vnetwork|February 22, 2021
4 Solutions to optimize IT infrastructure for securities companies

Overloading IT infrastructure in the early days of 2021. Trading orders on the HoSE seriously slowed down. Specifically, in the morning session of February 18, when the market plunged after the ATO, the traffic congestion occurred until afternoon.

© 2019 VNETWORK JSC. All Rights Reserved

VNETWORK Joint Stock Company

Unit 23.06, 23th Fl, UOA Tower, 06 Tan Trao St, Tan Phu Ward, Dist 7, Ho Chi Minh City

Enterprise Code: 0312353730 - 03/07/2013

Registration Division: Department of Planning and Investment of HCMC

Powered by VNETWORK