15 Sep, 2023
Essentially, Business Email Compromise (BEC) scams consist of cybercriminals impersonating individuals or entities within their targets’ trusted networks for malicious gain. These scams are a form of social engineering, a broader category of cyberattack that preys on key human behaviors (e.g., trust in authority, fear of conflict and the promise of rewards) to obtain unwarranted access to organizational systems, funds or data. While the specific methods used to execute BEC scams vary, these incidents often follow the same general framework. Here are the main steps a cybercriminal takes when deploying a BEC scam.

Researching the Organization

First, a cybercriminal selects an organization to launch their BEC scam against. From there, the cybercriminal conducts a range of research on the organization to develop a detailed profile of the company and its executives, create convincing emails and gain their target’s trust during the attack. This research may include activities such as the following:

- Analyzing the company’s website and LinkedIn page to understand its organizational hierarchy (e.g., members of the senior leadership team, primary department roles and reporting structures)
- Finding and examining individual employees’ social media profiles and professional platforms to learn more about their interests, job responsibilities and workplace connections
- Reviewing any other information available on the company (e.g., industry news articles, public records and press releases) to identify key organizational issues and developments

Selecting the Target

After researching the organization, cybercriminals use the information they collected to prepare for their attack. At this point, the cybercriminal picks a specific individual within the organization as their main target for the incident, likely someone who has access to critical company funds and data.
Launching the Attack

Once they choose their target, the cybercriminal will deploy malicious software (also called malware) to access the target’s email account, monitoring the target’s digital interactions for days or weeks without their knowledge. Doing so lets the cybercriminal see who the target frequently interacts with, what their conversations typically look like and the types of activities they conduct via email (e.g., paying invoices or sharing sensitive company files). The cybercriminal can then use this information to better impersonate a trusted sender and manipulate the target. What’s more, the cybercriminal may also hack into the email account of another individual in the target’s organizational network, inserting themselves directly into legitimate conversations and further convincing the target to engage in compromising activities. Here are some other common attack strategies the cybercriminal may use:

- Utilizing fake accounts or websites—If the cybercriminal opts not to hack into the target’s or a trusted sender’s email account, they will likely rely on fraudulent accounts or websites to launch their attack. For example, the cybercriminal may send emails using false domain names that appear genuine or direct the target to seemingly legitimate websites (also known as domain spoofing). Similarly, the cybercriminal may use lookalike domains, which almost exactly match the actual source, to deceive their target into performing certain actions.
- Creating confusing variations—In an attempt to convince their target that they are a trusted source, the cybercriminal may create an email address that is nearly identical to the source they are impersonating, differing by only a few characters (e.g., altering the email address “janedoe@samplecompany.com” to “janedoee@samplecompanyy.com”).
- Using spear-phishing techniques—The cybercriminal may engage in spear-phishing by conducting additional, personalized research on their target and leveraging any extra details they discover to further persuade the target to believe their false identity. When spear-phishing, a cybercriminal will often impersonate a source who is more directly connected to their target (e.g., a close colleague or department leader).
- Deploying additional malware—When sending fraudulent emails, a cybercriminal may encourage their target to download harmful attachments or click on deceptive links in an effort to launch additional malware. Once activated, this harmful software can help the cybercriminal more easily gain access to their target’s systems, funds and data.

Manipulating the Target

Once the cybercriminal convinces their target that they are engaging in a genuine business interaction, they will conclude the attack by manipulating the target into wiring company funds to the cybercriminal’s personal bank account or a bank account controlled by a large-scale organized crime group; sharing sensitive organizational details, intellectual property, supply chain information or workplace documentation; providing account credentials; or disclosing confidential employee or customer data.

Protect Yourself

BEC scams have become a pressing concern for all businesses, regardless of size or industry. With these incidents on the rise, businesses simply can’t afford to ignore their BEC exposures. Nonetheless, by implementing effective prevention, response and recovery procedures, businesses can not only limit their likelihood of experiencing such incidents but also mitigate possible losses when attacks arise. Above all, it’s crucial for businesses to understand that they aren’t alone in managing their cyber risks and safeguarding against BEC scams. There is a wide range of resources and guidance available from trusted experts and professionals.
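The lookalike addresses and domains described under "Launching the Attack" (the article's own example swaps "janedoe@samplecompany.com" for "janedoee@samplecompanyy.com") are one BEC exposure that a prevention procedure can screen for mechanically rather than relying on a busy employee to notice an extra letter. The Python script below is an added example, not part of the original article or of Zywave's material. It takes a constructed list of known contacts and trusted domains, folds common look-alike characters, and classifies each sender address by how closely it resembles a trusted one using edit distance. The contact list, the sample From: headers and the confusable-character table are all constructed assumptions for the demonstration.

```python
"""Screen sender addresses for BEC-style lookalikes (added example; constructed data)."""
from email.utils import parseaddr

# Constructed allow-lists; in practice these come from the address book or directory.
KNOWN_CONTACTS = {"janedoe@samplecompany.com", "cfo@samplecompany.com"}
TRUSTED_DOMAINS = {"samplecompany.com"}

# Constructed, non-exhaustive table of characters that are swapped for visually similar ones.
CONFUSABLE_CHARS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "8": "b"})
CONFUSABLE_PAIRS = (("rn", "m"), ("vv", "w"))


def normalize(text: str) -> str:
    """Lower-case and fold confusable characters so 'samp1e' compares equal to 'sample'."""
    text = text.lower().translate(CONFUSABLE_CHARS)
    for pair, replacement in CONFUSABLE_PAIRS:
        text = text.replace(pair, replacement)
    return text


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: number of single-character edits that turn a into b."""
    previous = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        current = [i]
        for j, cb in enumerate(b, 1):
            current.append(min(previous[j] + 1,                    # delete ca
                               current[j - 1] + 1,                 # insert cb
                               previous[j - 1] + (ca != cb)))      # substitute
        previous = current
    return previous[-1]


def classify_sender(address, known_contacts=KNOWN_CONTACTS,
                    trusted_domains=TRUSTED_DOMAINS, max_distance=2):
    """Return one of: known, internal-unknown, lookalike-user, lookalike-domain, external."""
    address = address.strip().lower()
    if address in known_contacts:
        return "known"
    local, _, domain = address.rpartition("@")
    if domain in trusted_domains:
        # Right domain, unfamiliar mailbox: is it a few edits away from someone we do know?
        for contact in known_contacts:
            contact_local, _, contact_domain = contact.rpartition("@")
            if contact_domain == domain and \
                    edit_distance(normalize(local), normalize(contact_local)) <= max_distance:
                return "lookalike-user"
        return "internal-unknown"
    # Unfamiliar domain: does it resemble a trusted one once confusables are folded?
    for trusted in trusted_domains:
        if edit_distance(normalize(domain), normalize(trusted)) <= max_distance:
            return "lookalike-domain"
    return "external"


def screen_headers(from_headers):
    """Classify raw From: header values; returns (display name, address, verdict) tuples."""
    results = []
    for header in from_headers:
        name, address = parseaddr(header)
        results.append((name, address.lower(), classify_sender(address)))
    return results


# Constructed sample headers; the second one is the article's own lookalike example.
SAMPLE_HEADERS = [
    '"Jane Doe" <janedoe@samplecompany.com>',
    '"Jane Doe" <janedoee@samplecompanyy.com>',
    '"Jane Doe" <jane.doe@samplecompany.com>',
    '"Accounts Payable" <billing@samp1ecompany.com>',
    '"New Hire" <newhire@samplecompany.com>',
    '"Vendor" <vendor@otherfirm.example>',
]

if __name__ == "__main__":
    for name, address, verdict in screen_headers(SAMPLE_HEADERS):
        print(f"{verdict:17} {address}  ({name})")
```

A "lookalike-domain" or "lookalike-user" verdict is the kind of signal worth surfacing as a banner on the message or as a hold in an accounts-payable workflow before a wire is released; a genuinely new internal mailbox comes back as "internal-unknown" rather than as a lookalike, which keeps the rule from flagging every new hire. The distance threshold of 2 is an assumption to tune against real mail volume.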
For more information, contact Vista Insurance Group today. Source: Zywave