Business Email Compromise (BEC)
Business Email Compromise (BEC) is a common type of attack in which criminals attempt to gain access to company email accounts. A large portion of these attacks aim to fraudulently obtain company funds by tricking employees into performing wire transfers to accounts under the criminal’s control. The Federal Bureau of Investigation (FBI) Internet Crime Complaint Center reported $26.2 billion in domestic and international losses between June 2016 and July 2019. While that is a large number, the losses do not come only from the famous cases you hear about. Logic Speak has a couple of clients that have been targeted, and earlier in 2020 it heard from the Secret Service that smaller companies are oftentimes easier to access than larger organizations.
The most common sources of a BEC attack are phishing emails that entice a user to enter their credentials on a website owned by the attacker, malware installed on the computer, and reuse of passwords from other sites that have experienced a compromise and breach. In the case of reused passwords, the email accounts don’t even necessarily need to match; if the attacker has real names associated with accounts from a compromise and breach, they can use those names to search LinkedIn and other sites for business or other email addresses associated with each name and then try the passwords they gained from the breach. Once the attackers have a set of working credentials, they can log into the email account and begin their work.
Recently, Logic Speak’s monitoring identified a mail account at a client that had started forwarding email to an unrecognized Gmail account. A call to the owner of the mailbox to verify whether they had created this forwarding determined that their account had been compromised. In addition to the forwarding rule, other rules were found that marked emails meeting certain criteria as read and moved them out of the Inbox. Further investigation found that the attacker had used the mailbox credentials to add the account to the mail client on a mobile phone. By acting swiftly to remove the unwanted mailbox rules, revoke all unauthorized access, and reset passwords, Logic Speak was able to restore full access to the mailbox and secure it from the attacker.
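The two rule patterns found in this incident can be checked for routinely. The following is an added example, not Logic Speak’s monitoring code: it audits an exported list of mailbox rules for forwarding outside the organization and for rules that mark mail as read while moving it out of the Inbox. The rule field names, the `ORG_DOMAINS` set, and the sample rules are assumptions constructed for illustration.

```python
# Added example: field names below are a constructed, vendor-neutral schema,
# not the export format of any particular mail platform.
ORG_DOMAINS = {"example.com"}  # assumption: domains the organization owns

# Constructed sample rules for one mailbox.
SAMPLE_RULES = [
    {"mailbox": "pat@example.com", "name": "Team digest",
     "forward_to": ["team@example.com"], "mark_as_read": False, "move_to": None},
    {"mailbox": "pat@example.com", "name": "fwd",
     "forward_to": ["collector@external.example"], "mark_as_read": False, "move_to": None},
    {"mailbox": "pat@example.com", "name": "cleanup",
     "forward_to": [], "mark_as_read": True, "move_to": "RSS Feeds"},
    {"mailbox": "pat@example.com", "name": "Newsletters",
     "forward_to": [], "mark_as_read": False, "move_to": "Reading"},
]


def domain_of(address):
    """Return the lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].strip().lower()


def audit_rule(rule, org_domains=ORG_DOMAINS):
    """Return a list of reasons this rule deserves a call to the mailbox owner."""
    reasons = []
    external = [a for a in rule.get("forward_to", [])
                if domain_of(a) not in org_domains]
    if external:
        reasons.append("forwards outside the organization: " + ", ".join(external))
    # Marking mail as read AND moving it out of the Inbox hides it from the owner.
    if rule.get("mark_as_read") and rule.get("move_to"):
        reasons.append("marks as read and moves to '%s'" % rule["move_to"])
    return reasons


def audit_mailbox(rules, org_domains=ORG_DOMAINS):
    """Map rule name -> reasons, for every rule with at least one finding."""
    findings = {}
    for rule in rules:
        reasons = audit_rule(rule, org_domains)
        if reasons:
            findings[rule["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in audit_mailbox(SAMPLE_RULES).items():
        print(repr(name), "->", "; ".join(reasons))
```

A finding here is a prompt to verify with the mailbox owner, as in the incident above, since users also create forwarding and filing rules legitimately.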