The Evolution of Business Email Compromise

The Evolution of BEC

That Nigerian prince has finally grown up.  Business Email Compromise, or BEC, is a real and evolving threat.  It may have had humble beginnings, but it has been evolving continually.  Attackers are leveraging the remote workforce and COVID-19 to keep exploiting businesses.  Here's what to look out for in 2021.

Money Transfer Requests

Accounting departments have it rough lately.  Almost everybody is working from home, and this causes some disconnection.  Accounting departments working remotely get requests to pay bills and transfer money every day.  The bad guys have caught on to this.  They've started using legitimate lead-acquisition tools to gather contact information and email addresses for controllers, CFOs, and accounting staff.

They take this information and then spoof a request so that it looks like it's coming from someone in a position of authority.  The "CEO" or "CFO" emails the controller asking them to wire money to a specific account to pay an invoice.  This is an everyday activity, and frequently not questioned.  The moment they hit send, that money is gone.

Frequently the attackers will attempt to gain access to accounting's email and look at the history.  Do they always pay invoices from a specific vendor on a specific day?  What are the amounts?  What do the invoices look like?  They use this information to craft the most convincing request.  It looks just like a typical invoice, appears to be coming from a known contact (email spoofed or hacked), requests a normal payment amount, and simply informs them that there has been a banking change.  They provide the new account to wire the money to.

The attacks are getting more sophisticated, and businesses need to step up their training for employees.  They also need to teach them how to properly verify a payment request before they hit send.  This is a problem that will continue to grow, and the issue is made more difficult by the reduced communication on remote teams.

Gift Card Requests

Another BEC attack that has been prevalent recently is requesting that an employee purchase gift cards and mail them to a specific address.  Attackers have gotten wise and will use COVID as the pretext in their attacks.  They tell the mark that they want to show some appreciation to their employees for their hard work during the pandemic.  Please mail the cards to this address so they can be distributed.

The language varies from scheme to scheme, but the idea is the same: prey on emotions and the pandemic to prompt folks into action, and hope they don't stop to verify.  These scams have been successful and are rising in popularity with BEC attackers.
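A constructed example of the "verify before you hit send" step the money-transfer and gift-card sections call for, added here and not part of the original post: a small triage script that scores an incoming message for the signs described above (an executive's display name arriving from an outside domain, a Reply-To that diverts answers elsewhere, banking-change and gift-card wording, urgency) and holds anything suspicious for out-of-band verification. The company domain, executive names, weights, and sample messages are all made up for the example.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed placeholders: the company's own mail domain and the executives
# whose names a BEC sender is most likely to borrow (hypothetical values).
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "john roe"}

# Wording from the schemes described above, with an assumed weight per indicator.
INDICATORS = {
    "payment_request": (1, ("wire", "invoice", "transfer", "bank", "account")),
    "bank_change": (2, ("banking change", "new account", "updated bank")),
    "gift_card_request": (2, ("gift card", "gift cards")),
    "urgency": (1, ("urgent", "immediately", "asap", "today", "confidential")),
}
HOLD_THRESHOLD = 3  # at or above this, hold the request for out-of-band verification

def score_message(raw: str) -> dict:
    """Score one RFC 5322 message; returns the indicators hit and a verdict."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    body = msg.get_body(preferencelist=("plain",))
    text = (msg.get("Subject", "") + "\n" + (body.get_content() if body else "")).lower()
    hits = []
    # A known executive's display name on mail from outside the company domain.
    if name.strip().lower() in EXECUTIVES and domain != COMPANY_DOMAIN:
        hits.append(("exec_name_external_domain", 3))
    # Replies quietly redirected to a mailbox other than the visible sender.
    if reply_to and reply_to.lower() != addr.lower():
        hits.append(("reply_to_mismatch", 2))
    for label, (weight, terms) in INDICATORS.items():
        if any(t in text for t in terms):
            hits.append((label, weight))
    score = sum(weight for _, weight in hits)
    verdict = "hold_for_verification" if score >= HOLD_THRESHOLD else "ok"
    return {"score": score, "hits": [label for label, _ in hits], "verdict": verdict}

# Constructed sample messages (not real mail); headers and body are newline-separated.
WIRE_REQUEST = ("From: Jane Doe <jane.doe@freemail.example>\nReply-To: jane.doe.ceo@webmail.example\n"
                "Subject: Urgent: vendor invoice payment\n\nPlease wire the usual invoice amount today. "
                "The vendor has had a banking change; new account details below.\n")
GIFT_CARDS = ("From: John Roe <john.roe@example.com>\nReply-To: john.roe.personal@webmail.example\n"
              "Subject: Quick favor\n\nCan you pick up some gift cards to thank the team for their "
              "hard work during the pandemic? Keep this confidential.\n")
ROUTINE = ("From: Accounts Payable <ap@vendor.example>\nSubject: Invoice 1042 attached\n\n"
           "Hi, invoice 1042 for March services is attached. Thanks.\n")
```

The second sample shows why the display name and sender domain alone are not enough: a spoofed or hijacked internal address passes that check, and only the diverted Reply-To and the wording give it away.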

Vaccine Access Scams

Another grown-up attack that has gained popularity recently is the COVID-19 vaccine access scam.  This is where an attacker spoofs the email of someone in authority within a business and emails the entire company.  They claim that they need everyone's information entered on a spreadsheet immediately so that the company can get access to early doses of the vaccine.

They ask for sensitive information, like Social Security numbers (SS#) and medical billing information, that the scammers will then use for their own nefarious purposes.

Conclusion

Business email compromise attacks are growing in sophistication.  It's easier than ever to get hoodwinked.  Businesses need to take caution, increase end-user security training, and put policies in place to verify all transfers and purchases to stay safe.  This is an evolving threat that will likely continue to grow and should be taken seriously by C-level executives.

For an interesting conversation on evolving BEC attacks check here.