Since life in the shadow of the Covid-19 pandemic became the “new normal”, we at OP Innovate have seen an excess of business email compromise (BEC) incidents.
As the pandemic played out across the globe, as workers got vaxxed and IT departments got used to this “new normal”, we genuinely hoped we’d see a drop in this kind of attack. The human factor remains the weakest link in the chain, and the many organizations that softened their IT and security policies to enable employees to work remotely inadvertently also welcomed cyber criminals to compromise their assets.
So what is a Business Email Compromise (BEC)?
As its name suggests, a BEC attack targets corporate email accounts. At an early stage, the attacker designs an attractive “call to action” to fool users into handing over some personal details. The attacker often couples the call to action with a sense of urgency. Attackers usually load their emails with eye-catching subject lines that include terms such as “invoice attached” or “verification required”. One common example takes the form of a fake ‘password expiry’ notification, but the results are the same: compromised credentials.
Once the attacker acquires the credentials, they will use them to log into the victim user’s account, learn their finance protocols and ultimately perpetrate a fraudulent wire transfer that will closely resemble a legit wire transfer request.
As incident responders (blue team), OP Innovate’s team has been in the thick of things handling multiple attacks. Some carried the fingerprints of the “Florentine Banker” attack group and included lookalike domains and well-choreographed man-in-the-middle techniques.
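As an added illustration (not OP Innovate's tooling), the sketch below shows how a mail gateway rule or IR triage script might flag the lookalike sender domains and lure subject lines described above. The trusted domain `example.com`, the confusable-character list and the edit-distance threshold of 2 are assumptions chosen for the example.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED = {"example.com"}  # assumption: your own and known-partner domains
LURES = ("invoice attached", "verification required", "password expiry")  # from the article
CONFUSABLE = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))  # illustrative, not exhaustive

def skeleton(domain):  # collapse look-alike sequences to one canonical form
    for src, dst in CONFUSABLE:
        domain = domain.replace(src, dst)
    return domain

def edit_distance(a, b):  # Levenshtein distance, computed one row at a time
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def lookalike_of(domain):
    """Return the trusted domain this one imitates, or None if trusted/unrelated."""
    domain = domain.lower().rstrip(".")
    if domain in TRUSTED:
        return None
    for good in TRUSTED:
        if skeleton(domain) == skeleton(good) or edit_distance(domain, good) <= 2:
            return good

def triage(raw):
    """Return the reasons a raw RFC 5322 message deserves a second look."""
    msg = message_from_string(raw)
    reasons = []
    for header in ("From", "Reply-To"):  # Reply-To catches replies diverted off-domain
        addr = parseaddr(msg.get(header, ""))[1]
        target = lookalike_of(addr.rpartition("@")[2]) if "@" in addr else None
        if target:
            reasons.append(f"{header} domain imitates {target}")
    subject = (msg.get("Subject") or "").lower()
    return reasons + [f"lure phrase: {p}" for p in LURES if p in subject]

SAMPLES = [  # constructed messages, not real traffic
    "From: Accounts <billing@exarnple.com>\nSubject: Invoice attached - urgent\n\nPay today.\n",
    "From: cfo@example.com\nReply-To: cfo@examp1e.com\nSubject: Wire details\n\nSee below.\n",
    "From: news@unrelated.test\nSubject: Weekly newsletter\n\nHello.\n",
]
if __name__ == "__main__":
    print(*map(triage, SAMPLES), sep="\n")
```

A hit is a reason to verify the request out of band before any payment is changed, not proof of compromise; tune the threshold against your own domain list to keep false positives manageable.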
The flow diagram below shows how a typical BEC attack evolves into a fraudulent wire transfer.
Here are some stats from our Covid-era engagements so far:
Top 10 Recommended Steps to Hardening your Business Email & Wire Transfer Processes
If you don’t want to become a BEC victim, here are a number of recommendations on how to protect yourself and your organization in the face of email-based attacks:
Contact OP Innovate to work with your organization’s teams and technologies to identify your weaknesses and vulnerabilities. We can keep you aware of the threats out there and step up as your cybersecurity IR team, by your side, whenever required.
Written by Omer Pinsker, the founder & CEO of OP Innovate, Certified Incident Handler (GCIH).