How Cybercriminals Commit Wire Fraud and How You Can Protect Your Company
For the majority of professionals in Vancouver and across the Lower Mainland of British Columbia, email is the preferred means of business communication. The average employee receives over 100 emails a day and sends over 40 business emails, and billions of emails are sent every day around the world. Unfortunately, this reliance on email communication has put email-based cyberattacks on the rise. Email fraud and email spoofing have become progressively more advanced within the past few years.
The techniques that threat actors use have become so sophisticated that many fraudulent emails, carrying forged email headers, bypass spam filters and reach email inboxes. To unsuspecting employees, these emails appear to be legitimate and to come from their supervisor, the owner, or the CEO of the organization, with straightforward requests.
If employees reply to a fraudulent email, cybercriminals will send another email with additional instructions. Replying to an email that requests sensitive documents will prompt a reply from the cybercriminals with a fraudulent link to download the file. The email can also contain a ZIP container with malicious content.
Cybercriminals are more than aware that a compromised business email can be an entryway into the private network of an organization. These attacks by cybercriminals may seem like your ordinary phishing attacks, but Business Email Compromise attacks are targeted, and they are done with one goal in mind: money.
Unfortunately, malicious actors have found success with these scams, leading to disastrous results for organizations of all sizes. Sensitive information, including social security numbers, addresses, and financial information can all be compromised. While every workplace device should have the latest IT safeguards, including spam filters, virus protection, firewalls, and other endpoint security, security awareness education and training are also critical so that employees understand how to identify suspicious emails.
How Does Email Spoofing Work?
The cybercriminals that engage in Business Email Compromise scams use a variety of online tools to target and exploit their victims:
- There will generally be a slight variation in the spoofed email address, but employees will still be led to believe that the spoofed email account is authentic. Cybercriminals will then use a spoofing tool to direct any response to a different account. The unsuspecting employee will believe he or she is engaging in a conversation with a supervisor, CEO, or another high-level executive.
- Fake e-mails believed to be from a trusted source lead to victims revealing sensitive and confidential information.
- Malware can be used to infiltrate networks and gain access to legitimate e-mail conversations about billing and invoices. This confidential information is used to make an employee feel that a wire transfer request is legitimate. Malware allows cybercriminals to have access to data without being identified.
What Is Business Email Compromise?
Business email compromise (BEC) is one of the most financially damaging cyber crimes. BEC attacks appear to come from a trusted source making a simple and legitimate request. BEC attacks generally take the form of:
- A vendor or supplier requesting a payment
- A CEO or other high-level executive asking an employee to purchase gift cards and send the serial numbers
- A fraudulent email containing a phishing link leading to a fake account login page
Once the cybercriminals have taken control of an email account, they will impersonate its owner, contact other employees within the organization, and lure those employees into paying a fraudulent invoice or transferring funds to a bank account.
Business Email Compromise scams have been heavily researched, and the findings conclude that cybercriminals target employees who have access to financial accounts, have the ability to authorize payments, and are authorized to do wire transfers. Business Email Compromise scams are on the rise because they have already proven to be successful, and they are highly lucrative.
How Can You Protect Your Company Against BEC Attacks?
Since BEC attacks can impact your company and your customers or clients, it is important that you not only take measures to protect your operations and your employees, but also take measures to protect your clients. It is important that you raise awareness around phishing and the dangers of clicking suspicious links and downloading suspicious attachments. You should also ensure that everyone is using strong passwords and Multi-Factor Authentication to protect their email accounts.
Everyone should assume that there is a third party lurking around in the company's email server. Why? There is a good chance that this is actually the case. The use of malware and other types of malicious software is running rampant in today’s digital environment. If you are the recipient of an email requesting that you make a financial transaction from within the company, it would be a mistake to automatically assume it is legitimate.
It is important to always use your best judgment when faced with these types of emails. If an email is received requesting sensitive documents or a wire transfer that you were not expecting, the best course of action to take is to contact the sender directly, via phone, or in person. The emails should not be replied to because the threat actors will send another email with further instructions.
Implement policies within your company to plan for such an attack. Make sure employees feel comfortable asking for clarification before sending documentation that could put the entire company in jeopardy. If your company implements a process for all to follow, you can always look back at the policy to ensure everyone is following it properly. Policy implementation, employee education, awareness, and training will go a long way to preventing these types of occurrences.
Embedding secure processes into your company will help you emphasize the importance of security to your employees. Having antivirus, anti-spam and anti-malware will protect your company to a certain degree, but you always have to factor in the human element. Employees have to know what to look out for and what to do if they are faced with a potential BEC attack.
Compunet Infotech can ensure your company has the proper safeguards in place to eliminate the possibility that you will be a victim of a wire fraud crime or other financial crime. Contact us today to find out how we can help you combat financial crimes.