Rise In BEC Attacks
Published March 23, 2026
About This Video
In this episode I talk about how we are seeing a rise in Business Email Compromise (BEC) attacks and some steps you can take to protect your business from them.
⏰ Timecodes ⏰
00:00 Introduction
00:33 What is a Business Email Compromise Attack
01:25 An Example of What an Attack Might Look Like
02:55 Will My Bank Refund The Lost Money?
03:51 What Are Some Things You Can Do To Protect Yourself
Full Transcript
Auto-generated from the video's captions. Minor transcription errors may exist.
Welcome back to another episode of Cappuccino Chat. This time we're talking about the rise of business email compromise attacks. So this time we're talking about business email attacks, or BEC attacks, as somehow it's abbreviated all the time. We in the IT industry always like to abbreviate everything, unfortunately. But we're seeing a rise of these attacks not only amongst our clients and regions but just overall throughout the industry, throughout the United States.
So what is a business email compromise? So these are attacks that are specifically geared towards the email of a business, i.e. business email compromise. So this is just a little bit different than the general phish or attack to get anybody, right? This is kind of specific and kind of targeted. Now, it typically starts with a phishing email, but what happens is once they're inside a system and they realize it's a business, because they start looking around at the different emails that you have, they find out you're in communication with other people. So, they'll jump into the conversation by hiding those emails coming in or outbound so you don't see them. And they'll basically chime in on a conversation that you might be having with one of your partners, vendors that you do business with.
For instance, what might happen is somebody sends you an invoice. You're going back and forth. What project is this for? Blah blah blah. All that good stuff. And then all of a sudden, somewhere in the conversation, they say, "Hey, just so you know, we've changed banks. So, I need you to reroute the payment to this bank instead of where you normally send it." Because a lot of times we're doing bank transfers, all those kinds of things rather than writing manual checks. This gets things moving a whole lot faster. So, what happens is the user knows this person, been dealing with this person maybe for years, and just makes the change.
Well, unbeknownst to them, they were in the other person's email and were imitating that person. So, you weren't really talking to the person you thought to. So now you just sent funds to somebody other than where you meant to send it. Meanwhile, you're none the wiser until that business partner vendor that you were working with sends you another email saying, "Hey, we haven't been paid yet. Do you have an idea when you're going to pay us?" And then of course it comes out, "What do you mean? We paid you. We transferred it." "No, we never received it." "Well, well, you said to send it to a different bank and we did that." "We never told you to send it to another bank." And thus the compromise. Now, this is just one example of a business email compromise, but this is an example that we've seen lately costing anywhere from 16 on up to over $150,000 in loss.
Now, you might be thinking, well, my bank will stand behind me. I'll get my money back. Well, no, because here's the deal. Your employee or you actually transferred the money, right? So, they didn't break into your bank and steal the money. It wasn't the bank's fault that you transferred the money. So, the bank is not at fault for those lost funds. Now, let's say you had some protections already preset up with your bank where you required two signatures on something to transfer funds. You required some other kind of rules and those rules weren't followed. Well, now you have something to go after the bank with, but there's really nothing else the bank can do because the odds of them getting that back are slim to none. Most likely those funds were transferred and then transferred and then transferred and then transferred. So, you got to be very careful.
So, what are some things that we can do to protect ourselves from these business email compromises? Well, first and foremost, we're always talking about it, is of course on the cyber security side of things, right? So, we want to make sure we're training our employees. Things still get busy. People are still constantly being interrupted with different things and they need to pay attention to what's going on. So, by doing this training, we can reinforce what they should properly do when they see certain things, right?
We want to set up that two-factor authentication. So, we want to make sure that if their account is somehow compromised, the person on the other side needs to have that two-factor token, that code put in. Now, this is not a guarantee of anything because sometimes those tokens can be stolen. Stolen how? The user again clicks on that email, opens an attachment, whatever might happen. It looks like a Microsoft prompt because it's made to look like a Microsoft prompt. So they type in their username, password, and their 2FA code, and basically you just gave it to the attacker. They passed it on to Microsoft. So you successfully logged in, but they've now stolen that token. Once they get that token, they can reuse it for a limited time to get into your account and away you go. So another thing we can do is put some session token hijacking protections in place, right?
One of the biggest ones that you can do that doesn't take anything but time is some policies and procedures around this type of attack. So for instance, if a vendor asks you to change bank routing information on where you send money to, maybe internally you require two people to sign off on that before that's done, right? Maybe even after two people, one of those two people picks up the phone and calls the number you have for that person, not what might be in the email. Again, the attacker could have put any information at all in the email. If you reply back to the email, they're of course going to say, "Yes, this is legit. Please send it. This is me. What are you talking about?" If you call the phone number, it may be a redirected number to them. So, you want to pick up the phone and call the number you already had previously for that contact. And you call them and verify that.
Now, this is also true on the employee side because the similar scam that happened before is people would redirect their automatic deposits for their payroll, right? So, somebody posing as one of your employees would say, "Hey, I changed banks, send my paycheck here." So again, you want to have a policy and procedure in place to maybe physically have that person come to your office, fill out a written form that they have to physically hand to you in order to make that change. That would protect you from these types of attacks.
And of course, another one is just remember when things happen out of the ordinary. So manage by exception. So when those exceptions happen, slow down and think it through. All right. As always, if you have any questions about business email compromise attacks to your email or any other kind of cyber security related event, please give us a call at 760-770-5200.