Email Hijack

Beware of Business Email Compromise (BEC)


Print Friendly, PDF & Email

Organizations in the U.S. lost $2.4 billion to business email compromise (BEC) scams (also known as CEO fraud) last year, according to Alan Suderman at Fortune.

“BEC scammers use various techniques to hack into legitimate business email accounts and trick employees to send wire payments or make purchases they shouldn’t,” Suderman writes. “Targeted phishing emails are a common type of attack, but professionals say the scammers have been quick to adopt new technologies, like ‘deep fake’ audio generated by artificial intelligence to pretend to be executives at a company and fool subordinates into sending money.”

Suderman cites a case from San Francisco, where a nonprofit lost more than half a million dollars to one of these scams.

“In the case of Williams, the San Francisco nonprofit director, thieves hacked the email account of the organization’s bookkeeper, then inserted themselves into a long email thread, sent messages asking to change the wire payment instructions for a grant recipient, and made off with $650,000,” Suderman says.

BEC actors also collaborate and share information with each other to improve their attacks.

“Unlike ransomware operators who try to keep their communications private, BEC scammers often openly exchange services, share tips or show off their wealth on social media platforms like Facebook, “ Suderman writes. “A Facebook group called Wire, which was until recently available to anyone with a Facebook account, acted as a message board for people to offer BEC-related services and other cybercrimes.”

Suderman concludes that organizations of all sizes need to be wary of BEC scams.

“Almost every enterprise is vulnerable to BEC scams, from Fortune 500 companies to small businesses,” Suderman writes. “Even the State Department got duped into sending BEC scammers more than $200,000 in grant money meant to help Tunisian farmers, court records show.”

New-school security awareness training can enable your employees to thwart social engineering attacks. Contact Yeo & Yeo Technology to learn more.

Information used in this article was provided by our partners at KnowBe4.

Want To Learn More?

Connect with one of our professionals today.