A recent article revealed that there were 3.5 billion dollars in cyber crime losses last year, and about 50% of these losses were the result of Business Email Compromise, known as BEC. The level of sophistication of these scams has improved to the point that they can be very difficult to recognize.
What is Business Email Compromise?
BEC, known to most as phishing, is a type of social engineering technique used by criminals to gain unauthorized access to and/or use of your computer systems, primarily your email system. With this access, these criminals are able to impersonate other employees, management, or business partners to steal confidential data or commit theft of money or property. We call this unauthorized access to the system the forest fire peril under the Cyber Liability insurance policy. Our thought is that once the unauthorized access is gained, the fire has begun, and from there much can happen.
What is Spoofing?
BEC emails usually do NOT contain malware, which makes common email filtering programs useless against them. A common BEC technique is called email spoofing. Spoofing occurs when the email appears to be sent by the legitimate sender but is actually sent by a criminal. This frequently successful method relies on the standard practice of employees following the directives given to them by those in positions of authority. For example, finance department employees are sent emails, apparently from the finance director who is on vacation, asking them to transfer money or make a payment to the account of a customer or business partner. The employee wires the money accordingly, and by the time the deception is discovered, the money is gone.
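As an added example, not part of the original post: a small Python check a mail administrator could run over a message's raw headers to surface the spoofing indicators described above, namely a lookalike sender domain, a Reply-To or Return-Path that points somewhere other than the From domain, and a failed SPF/DKIM/DMARC verdict recorded by the receiving mail server. The sample message, the domains and the `spoofing_indicators` function are all constructed for this illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the article): an outside sender posing as the
# "Finance Director" from a lookalike domain (digit 1 in place of the letter l),
# with Reply-To and Return-Path on an unrelated domain and failing SPF/DMARC.
SAMPLE_EMAIL = """From: "Finance Director" <director@examp1e-corp.com>
Reply-To: director.urgent@mail-relay.example.net
Return-Path: <bounce@mail-relay.example.net>
Authentication-Results: mx.example-corp.com; spf=fail smtp.mailfrom=mail-relay.example.net; dmarc=fail header.from=examp1e-corp.com
Subject: Urgent wire transfer before I am back from vacation
To: payables@example-corp.com

Please wire the amount on the attached invoice to the new account today.
"""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike domains such as examp1e vs example."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(header_value: str) -> str:
    """Return the lowercased domain of an address header, or '' if there is none."""
    _, addr = parseaddr(header_value)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def spoofing_indicators(raw_message: str, internal_domain: str) -> list:
    """Return human-readable spoofing/BEC indicators found in the message headers."""
    msg = message_from_string(raw_message)
    internal = internal_domain.lower()
    findings = []
    from_dom = domain_of(msg.get("From", ""))
    reply_dom = domain_of(msg.get("Reply-To", ""))
    return_dom = domain_of(msg.get("Return-Path", ""))
    if from_dom and from_dom != internal:
        if edit_distance(from_dom, internal) <= 2:
            findings.append(f"From domain {from_dom!r} is a lookalike of {internal!r}")
        else:
            findings.append(f"From domain {from_dom!r} is external")
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom!r} differs from From domain")
    if return_dom and return_dom != from_dom:
        findings.append(f"Return-Path domain {return_dom!r} differs from From domain")
    auth = msg.get("Authentication-Results", "").lower()
    for check in ("spf", "dkim", "dmarc"):
        if f"{check}=fail" in auth:  # verdict written by the receiving MTA
            findings.append(f"{check.upper()} failed per Authentication-Results")
    return findings
```

Run `spoofing_indicators(SAMPLE_EMAIL, "example-corp.com")` to see the five indicators the sample triggers; a message from the real internal domain with passing authentication results returns an empty list.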
What Does It Look Like?
Criminals work in ways that arouse the least suspicion, for maximum success. Here are examples of what they do:
Phishing Pages: An employee receives an email from a criminal containing a link to a fraudulent login page for Office 365 or Google that requests their credentials. The fake login page looks identical to the login page of the real site. It looks like this:
- Office 365: You get an email that a link has been shared with you. When you click the link you are directed to the fake page which asks for your credentials to review the file. Once you enter this information your credentials have been compromised.
- Google: The famous account compromise email. You receive an email which appears to be from Google about the possibility of your account being compromised and warns you to change your password. You are redirected to the fake page once you click the link to do so.
Keystroke malware programs: Known as keyloggers, these are programs installed onto your computer systems via malicious software, designed to record the keystrokes typed on every page visited. They are often delivered through cleverly disguised phishing emails that include what appear to be innocent links.
What Can You Do?
There are 3 important tools every business needs to deploy to defend more effectively against these events. Our next post will discuss these 3 preventive tools in depth. Until then, what matters most is that you are careful about clicking any link embedded in any email you receive, from any source. Have a safe browsing day.