BEC auto-forwarding scams present another danger
COVID-19 isn’t only dangerous for people; it’s also the perfect springboard for malicious cyber attackers. They prey on the misinformation and fear surrounding the pandemic, which lets them circumvent cyber defenses in the hope of stealing information.
The end of 2020 is no different. As the virus sees a new surge, hackers are looking to take advantage. A new FBI report reveals that scammers are engaging in BEC, or “business email compromise,” attacks. The goal of a BEC attack is to wire money from a company account, which attackers do by accessing administrator data with social engineering techniques. Hackers are relying on misinformation related to COVID to accomplish this.
Typically, a successful BEC attack will involve the hacker impersonating an administrator or trusted IT official in order to siphon the information they want. According to the FBI report, however, malicious parties are using an auto-forwarding scam to hasten their efforts.
It’s a profitable enterprise: cybercriminals cashed in $1.7 billion in 2019 alone.
How did this occur?
According to the FBI report, hackers took advantage of forwarding rules that were not set up correctly. The hackers set up their own auto-forwarding rules and injected them into an upgraded web client used by a US medical equipment company. Given the enormous burden currently placed on healthcare systems by COVID-19, this was a ripe target for hackers.
The company remained unaware of the intrusion while the attackers siphoned personal data in order to impersonate administrators and other high-level staff. Once that was done, the attackers were able to launch a series of social-engineering attacks to further steal data for ransom.
The attack described above is only one in a long series of strikes that malicious parties use against companies and organizations. The success of such an attack depends primarily on the effectiveness of its social engineering; in other words, on how capable it is at deceiving internal staff.
Currently, the best way to identify BEC attacks is to check for abrupt changes in established email accounts. It’s also important to familiarize yourself and your staff with the characteristics of phishing emails.
As a quick refresher, here are a few things to note:
- Phishing emails will attempt to appear legitimate by using logos, messages, and characteristics from official emails
- ALWAYS check the sender address when you’re unsure of an email’s intent, as this is a tip-off
- Phishing emails contain links to illegitimate domains, and said domains will often ask you for login information
- Phishing emails try to alarm readers with fraudulent claims of financial account problems
- ALWAYS be wary of emails claiming you have a financial account problem, and verify said account through an official website
- Within an administration, be wary of an email asking you for sensitive info, especially if it’s from a trusted source
- No IT person or administrator will ask you for login info over email
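
The advice above to check for abrupt changes in established email accounts, applied to the auto-forwarding rules the FBI report describes, as an added example that is not part of the original article: it compares a baseline snapshot of mailbox rules with the current one and flags new or altered rules that forward mail outside the organization. The record fields, domains and sample rules are constructed for illustration and do not match any specific mail platform's export format.

```python
# Added example. Field names ("mailbox", "name", "forward_to") and all sample
# records are constructed; adapt them to whatever your mail platform exports.
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example-medical.test"}  # assumption: the organization's own domains

def external_targets(rule, internal_domains=INTERNAL_DOMAINS):
    """Return the rule's forwarding addresses whose domain is not internal."""
    found = []
    for raw in rule.get("forward_to", []):
        addr = parseaddr(raw)[1].lower()       # strips any display name
        domain = addr.rpartition("@")[2]
        if not addr or domain not in internal_domains:
            found.append(addr or raw)
    return found

def rule_key(rule):
    """Identity of a rule: mailbox, name and exact target set. A changed target
    yields a new key, so an altered rule is treated like a new one."""
    targets = tuple(sorted(t.lower() for t in rule.get("forward_to", [])))
    return (rule["mailbox"].lower(), rule["name"], targets)

def audit(baseline, current, internal_domains=INTERNAL_DOMAINS):
    """Flag rules not present in the reviewed baseline that forward externally."""
    known = {rule_key(r) for r in baseline}
    findings = []
    for rule in current:
        targets = external_targets(rule, internal_domains)
        if targets and rule_key(rule) not in known:
            findings.append({"mailbox": rule["mailbox"], "rule": rule["name"],
                             "external": targets})
    return findings

# Constructed snapshots: BASELINE was reviewed and approved, CURRENT is today's.
BASELINE = [
    {"mailbox": "cfo@example-medical.test", "name": "Archive invoices",
     "forward_to": ["archive@example-medical.test"]},
    {"mailbox": "it@example-medical.test", "name": "Vendor tickets",
     "forward_to": ["support@vendor.test"]},          # external, but approved
]
CURRENT = [
    {"mailbox": "cfo@example-medical.test", "name": "Archive invoices",
     "forward_to": ["archive@example-medical.test", "archive@examp1e-medical.test"]},
    BASELINE[1],
    {"mailbox": "cfo@example-medical.test", "name": ".",
     "forward_to": ["Inbox <collector@mail-relay.test>"]},
    {"mailbox": "hr@example-medical.test", "name": "Team copy",
     "forward_to": ["hr-team@example-medical.test"]},  # new, but internal only
]

if __name__ == "__main__":
    for finding in audit(BASELINE, CURRENT):
        print(finding)
```

Run against a fresh export on a schedule, this surfaces both brand-new forwarding rules and existing rules whose destination was quietly changed, including a look-alike of the organization's own domain.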