The global risk of compromised emails is on the rise and should be a concern of every business organization. Some industries are targeted more often, but if your business uses email, you need to be aware of the risk and what the threat entails. To understand the risk, we need first to understand what a compromised email is and how it occurs. These risks are real and have been the cause of great financial destruction for many companies.
A Business Email Compromise (BEC) is precisely as the name implies. It is when an organized crime group or individual hacker gains access to your email through deception with the use of spear-phishing, identity theft, email spoofing, malware, social engineering and even brute force. The groups engineering these attacks are sophisticated groups who many times employ hackers, social engineers, lawyers, and linguists and have the art of con and deception down to a science. They know who to attack and the correct method to break-in to an otherwise secure system to get where they need to be to gain trust or the force to get to their end goal.
These criminals first identify a target. The targeted business may be large, small, well-known corporations, non-profits, schools or churches. They do not discriminate. They are solely looking for an opportunity to gain access to someone who has access or authority to help them reach their objective. Once the target has been identified, the grooming process begins. Phishing emails and/or phone calls target the victim to gain trust or access. Many times, there may be malware embedded in the emails which allow the criminals to gain access to the company’s network. Now, undetected, the criminal may spend weeks or even months studying the company’s clients, vendors, billing systems, communication styles, and even travel schedules. Like earlier stated, these are calculated attacks which are making educated business people their victims!
If money is the objective and most commonly it is, the process that follows is typically a similar path. Once all systems are thoroughly evaluated, and the ideal method and timeline is determined, a communication that requests a transfer of funds electronically is sent. These communications are typically done by email with such perfected language and authority that it seems like a legitimate request. As this seems like real request, wiring information is provided, and just like that, a wire transfer has been completed, and funds are now in an account controlled by the crime group and are typically untraceable. Money generally is the end goal for these crime groups although data and information can also be the target. Similar to the attack announced this week regarding the Chinese government stealing information from schools like MIT and the University of Washington.
If you think you couldn’t be a target, you are wrong. We are all at risk if your company uses email and exchanges money in any fashion, which includes most all of us! These attacks are smart, calculated and expert masterminded. These aren’t dummies dealing with dummies! These are highly intelligent criminals victimizing highly intelligent business people. To learn more about the risk of BEC and how to avoid becoming a victim, follow this month’s Pendello blogs and as always, reach out to our business technology associates. Our Pendello team of experts specialize in security and have the expertise and experience to help educate your team to help prevent the devastation that these attacks can cause.