Tuesday, May 23rd, 2023

Business Email Compromise – CEO Impersonation

A newly identified criminal group has been engaging in a significant number of scams targeting businesses through business email compromise (BEC). Since February 2021, the gang has conducted approximately 350 BEC campaigns against various companies. While the group does not target any particular sector, it tends to go after larger organisations, with over 100 multinational corporations globally among its prime targets.

All the attacks conducted by this group follow a similar and successful pattern. The primary strategy employed in these attacks is based on the pretext that the targeted employee’s company is involved in a confidential merger or acquisition of another company. The employee is then requested to assist with an initial payment required for the merger. The attacks consist of two stages, with each stage involving a different persona. One persona is an internal figure, typically the CEO, while the other persona is an external party, usually an attorney specializing in mergers and acquisitions.

While most BEC scams typically target members of a company’s finance or accounting team, this group specifically goes after high-ranking corporate officials.

Confidentiality plays a central role throughout the attack. The initial messages emphasize the importance of keeping the acquisition a secret, highlighting that any leakage of information could lead to project cancellation. They also insist on all communication being conducted via email to prevent insider trading and maintain a strict chain of custody.

The scammers impersonate a senior corporate officer, often the CEO, in their initial approach. This is followed by a subsequent communication posing as external legal counsel. The final stage of the attack usually involves fraudulent phone conversations conducted through WhatsApp, intended to finalize the deal and, as Abnormal Security speculates, to reduce the email and paper trail associated with the fraud.

Several risk prevention measures can help mitigate BEC. These include:

1. Multi-factor authentication

Implementing Multi-Factor Authentication (MFA) adds an extra layer of security by requiring users to provide multiple forms of identification before accessing their accounts. It helps protect against BEC scams by mitigating the risks of password theft, reducing the likelihood of successful spear phishing attacks, and safeguarding both personal and professional accounts. Enabling MFA on all online accounts enhances security and should be complemented by strong passwords and other security measures.

2. Educational campaigns

At the organizational level, enterprises can enhance their protection against BEC scams by focusing on employee awareness and training. By raising awareness about the significant threat posed by spear phishing attacks, companies can educate their employees about the risks involved. Training programs should include real-life examples of spear phishing incidents, highlighting the tactics used and their potential consequences. By actively testing employee knowledge and providing resources to recognize and respond to spear phishing attempts, organizations can empower their employees to be more vigilant and less likely to fall victim to such attacks. A well-informed and educated workforce is a crucial defense against the dangers of BEC scams.

3. Password policy

To protect against BEC scams, organizations can establish a well-defined password management policy. This policy should aim to prevent employees from using corporate passwords on fraudulent external websites. It should provide clear guidelines on creating complex passwords that meet specific criteria. Additionally, the policy should address the frequency of password changes and emphasize that passwords should never be shared. Importantly, it should educate employees about the importance of refraining from entering passwords on suspicious websites, as doing so can compromise the security of all systems and applications. By implementing and enforcing this policy, organizations can enhance their defense against BEC scams and mitigate the risks associated with password-related vulnerabilities.

4. Be careful what information you share online

To protect against BEC scams, it is crucial to exercise caution when sharing information online. Spear-phishing attacks often exploit personal information shared online, including job descriptions, contact details, routines, images, and even voice recordings. Limiting the type of information shared online is essential to prevent attackers from utilizing it to create convincing spear-phishing content. By being mindful of the information shared, individuals can reduce the risk of falling victim to BEC scams that leverage personal details obtained through online sources.

5. Implement Phishing Defence Capabilities

To strengthen protection against BEC scams, organizations should implement phishing defense capabilities. Despite robust security measures, phishing emails may still reach users’ inboxes. Therefore, it is essential to have a fast and user-friendly system in place for reporting and investigating suspicious emails. By empowering users to report potentially malicious emails and promptly investigating those reports, organizations can enhance their ability to identify and respond to phishing attempts effectively. This proactive approach helps in mitigating the risks associated with BEC scams and enables organizations to take swift action to protect their systems and sensitive information.

In addition, here are some common indicators of BEC to watch out for:

  1. Hovering over hyperlinks in the email reveals a strange or suspicious URL
  2. Bad spelling or bad grammar
  3. The use of certain words to create a sense of urgency, such as “now” or “I need it right away”
  4. Unknown or unfamiliar email addresses
  5. Bad quality of images or logos in the body of the email
  6. Suspicious attachments with unusual extensions (e.g., “file.txt.exe”)
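As an added example (not part of the original post), the following Python script checks a constructed sample message against several of the indicators listed above: a sender domain outside a list of trusted organisation domains, an executive title on an external address, urgency wording, a double-extension attachment, and a hyperlink whose visible text names a different domain than its real target. The trusted-domain list, keyword lists and the sample message are assumptions made for this example.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed for this example: the organisation's own mail domains (hypothetical).
TRUSTED_DOMAINS = {"example-corp.com"}
URGENCY = ("now", "right away", "urgent", "immediately", "confidential")
EXEC_TITLES = ("ceo", "chief executive", "attorney", "legal counsel")
DOUBLE_EXT = re.compile(r"\.\w+\.(exe|scr|js|vbs|bat|com)$", re.I)
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def bec_indicators(raw):
    """Return the indicator names triggered by one raw RFC 5322 message."""
    msg = message_from_string(raw)
    hits = []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain not in TRUSTED_DOMAINS:
        hits.append("unfamiliar sender domain")
        if any(t in name.lower() for t in EXEC_TITLES):
            hits.append("executive title on an external address")
    body = ""
    for part in msg.walk():
        fname = part.get_filename()
        if fname and DOUBLE_EXT.search(fname):
            hits.append(f"double-extension attachment: {fname}")
        if part.get_content_type() in ("text/plain", "text/html"):
            body += part.get_payload(decode=True).decode("utf-8", "replace")
    if any(word in body.lower() for word in URGENCY):
        hits.append("urgency language")
    for href, text in ANCHOR.findall(body):
        # Hover check: the domain a reader sees versus the domain the link goes to.
        shown = urlparse(text if "://" in text else "http://" + text.strip()).netloc
        real = urlparse(href).netloc
        if shown and shown.lower() != real.lower():
            hits.append(f"link text {shown} points to {real}")
    return hits

def sample_message():
    """Constructed sample mirroring the scam's pretext; not a real message."""
    m = EmailMessage()
    m["From"] = "CEO Jane Doe <jane.doe@example-corp-mail.com>"
    m["Subject"] = "Confidential acquisition - initial payment"
    m.set_content("I need the initial payment sent right away. Keep this confidential.")
    m.add_alternative('<p>Details: <a href="http://pay.example.net/x">example-corp.com/wire</a></p>', subtype="html")
    m.add_attachment(b"not a real binary", maintype="application", subtype="octet-stream", filename="agreement.pdf.exe")
    return m.as_string()
```

Running `bec_indicators(sample_message())` reports all five indicators for the constructed message; a legitimate internal message from a trusted domain with no such traits returns an empty list.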

It is crucial for organisations to remain vigilant and cautious in light of the growing threat posed by scams like BEC and fraudulent “confidential” mergers and acquisitions. The recent rise in sophisticated schemes targeting businesses underscores the need for heightened awareness and proactive measures to protect against such fraudulent activities.


Copyright Smarttech247 - 2021