Business Email Compromise (BEC) schemes have been growing exponentially since 2013. Since January 2015 alone, according to a June 2016 public service announcement from the FBI Internet Crime Complaint Center (IC3), there has been a 1,300 percent increase in losses. These schemes are quite simple in execution and all focus on one thing: compromising business accounts in order to facilitate unauthorized fund transfers to fraudulent accounts around the world. These campaigns are global, reaching all 50 states and more than 100 countries. According to Trend Micro’s global Smart Protection Network, the top five countries affected by BEC campaigns in the first six months of 2016 were: 1) United States; 2) United Kingdom; 3) Hong Kong; 4) Japan; 5) Brazil.
Why do they work?
BEC scams exploit the basic trust that organizations rely upon for day-to-day financial operations. The techniques these criminals employ are carefully designed to deceive victims through social engineering and well-researched information about them. Most of the time, the criminals behind these scams are able to impersonate people who have access to a company’s finances, such as the CEO, managing director, CFO or even a financial controller. Based on Trend Micro’s monitoring from January 2016, we observed that BEC scams impersonated CEOs through business emails to target CFOs more than any other positions in a company, at 31 percent and 40 percent respectively. The ultimate goal for these attackers is to deceive the recipients of these emails into wire transferring hundreds of thousands, if not millions, of dollars to fraudulent bank accounts.
BEC scams are usually devoid of malware; however, as we reported in our 2014 reports on BEC scams, we identified keyloggers like Predator Pain and Limitless being used in BEC campaigns. These criminals use keyloggers and other forms of malware in BEC campaigns to compromise personal and business email credentials and steal confidential information to further their attacks. In doing so, they gain access to legitimate email threads, which they can use to make their fraudulent wire transfer requests more likely to succeed. Regardless of whether organizations have well-developed technical and operational security controls to prevent these attacks, criminals are still succeeding at alarming rates.
Who is behind these attacks?
According to FBI reporting, the criminals behind these attacks are believed to be members of organized criminal networks from Africa, Eastern Europe and the Middle East who primarily target businesses that work with foreign suppliers or regularly perform wire transfer payments.
In August of this year, with the assistance of Trend Micro threat researchers, INTERPOL and Nigeria’s Economic and Financial Crime Commission (EFCC) arrested a 40-year-old Nigerian national who was the mastermind behind multiple BEC scams. This criminal and his network of cybercriminals from Nigeria, Malaysia and South Africa are believed to have made more than US$60 million in profits from various companies, with one victim alone losing more than US$15 million.
What can you do?
The best way to defend against BEC scams is to develop and deploy an effective executive training program and to roll out operational and technical security solutions that help identify and prevent threats before and after they reach the inbox.
Educated executives and their direct reports are the best defense against BEC scams, so businesses must enact best practices for them to follow. These best practices may include creating detailed awareness training for employees on ongoing BEC attack trends, and strengthening and testing financial procedures, making their organizations harder targets.
Even though most BEC scams do not involve malware, fortifying the email gateway is critical not only to detect emails with malicious links or attachments but also to flag socially engineered emails, using machine learning tools to effectively block malicious messages.
The following are more detailed protective strategies provided by the FBI.
The email security capabilities of the Trend Micro User Protection and Network Defense solutions can block email messages used in Business Email Compromise attacks. Also, the endpoint solution capabilities in these products can detect advanced malware and other threats stemming from BEC scams.