Hackers use mass work from home to rob companies

Scammers study and watch their potential victims and their organizations carefully and at length, over a period of months. Cybercriminals track the behavior of employees and upcoming transactions. The main targets are stocks, venture capital and accounting.

Researchers at Check Point reported that the massive shift to working from home is motivating hackers to steal via wire transfers. Since everyone uses e-mail for work, hackers turn to fraud in corporate correspondence, known as the BEC (Business Email Compromise) scam.

BEC, literally “business email compromise”, is a family of fraud schemes that use wire transfers. A BEC attack usually starts with cybercriminals who hack corporate e-mail and forge e-mails to impersonate one of the top managers, usually the chief executive or the finance director.

Sometimes hackers pretend to be vendors. Once inside the corporate network, the cybercriminal requests a seemingly legitimate payment. The email looks very plausible and appears to come from a manager, so the employee complies. Usually, attackers ask for money to be transferred or checks to be deposited. Unaware of the deception, the employee transfers the funds to the specified bank account, which belongs to the hackers.

In BEC attacks, the attackers use social engineering tactics to trick unsuspecting employees and managers. As noted above, they play the role of a CEO or any other director authorized to make or request electronic transfers. In addition, the fraudsters thoroughly research and watch their potential victims and their companies over a long period, tracking all upcoming transactions.

Such scams were usually carried out by one person. Recently, however, Check Point researchers have noted that these scams are becoming increasingly sophisticated, and they now classify them as organized crime. In April 2020, researchers at Check Point published an article about how they uncovered a scheme in which a cyber gang, which the researchers called “the Florentine Banker”, stole 1.3 million dollars across three private joint-stock companies. For several months the members of the group studied their victims' emails, manipulating the correspondence, registering lookalike domains and immediately cashing out the money. An emergency intervention by Check Point Incident Response led to the recovery of slightly more than half of the amount stolen; the rest was lost forever.

The main targets of cybercriminals: stocks, venture capital and accounting

The researchers believe that commercial organizations and venture companies are the main targets of BEC attacks because hackers know that large organizations often transfer considerable sums of money. These organizations therefore need to understand how hackers can take advantage of them. What stages can be identified in such an attack?

Observation. After the attackers gain control of the victim's email account, they begin to read the e-mails. Cybercriminals can spend days, weeks, or even months doing reconnaissance, patiently mapping the business models and standard procedures before actively intervening.

Control and isolation. The attackers start to isolate the victim from third parties and colleagues by creating malicious mailbox rules. These rules divert any emails with filtered content or subjects into a folder monitored by the hackers, effectively creating a “man in the middle” attack.

Lookalike setup. The attackers register lookalike domains, ones that are visually similar to the legitimate domains of the parties to the correspondence they want to intercept. The attacker begins to send e-mails from the lookalike domains. They either create a new conversation or continue an existing one, thereby tricking the target into believing that the message source is legitimate.

Request to transfer money. The attackers begin to insert their own bank account information using two methods: intercepting ordinary, legitimate transfers, and initiating new bank transfer requests.

Money transfer. The cybercriminals control the conversation until the third party approves the new bank details and confirms the transaction. If the bank rejects the transaction because of a mismatch in the account currency, the recipient's name or for any other reason, the attackers try to correct all the errors quickly until the money ends up in their hands.
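The isolation stage leaves a trace defenders can look for: a mailbox rule that selects payment-related mail or specific correspondents and then hides or exports it. The following sketch is an added example, not code from Check Point or the original article; the rule fields, keyword list and folder names are assumptions and do not mirror any mail server's real export schema.

```python
import re

# Assumed starting lists; tune both for the organisation being audited.
FINANCE_TERMS = re.compile(r"invoice|payment|wire|bank|transfer|iban|remittance", re.I)
QUIET_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history",
                 "junk email", "deleted items"}

# Constructed sample of exported mailbox rules (hypothetical field names).
SAMPLE_RULES = [
    {"mailbox": "cfo@corp.example", "name": "inv", "keywords": ["invoice", "wire transfer"],
     "move_to": "RSS Feeds", "mark_read": True},
    {"mailbox": "ap@corp.example", "name": "partner", "from_contains": ["partnerfund.example"],
     "forward_to": ["drop@mailbox.example"]},
    {"mailbox": "dev@corp.example", "name": "newsletters",
     "from_contains": ["news@vendor.example"], "move_to": "Newsletters"},
    {"mailbox": "hr@corp.example", "name": "cleanup", "keywords": ["unsubscribe"], "delete": True},
]

def audit_rule(rule, org_domain):
    """Return the reasons a rule matches the isolation pattern, or [] if it does not."""
    selectors, actions = [], []
    if any(FINANCE_TERMS.search(k) for k in rule.get("keywords", [])):
        selectors.append("selects payment-related mail")
    if rule.get("from_contains"):
        selectors.append("selects mail from specific correspondents")
    if (rule.get("move_to") or "").lower() in QUIET_FOLDERS:
        actions.append(f"moves mail to rarely opened folder {rule['move_to']!r}")
    if rule.get("delete"):
        actions.append("deletes mail")
    if any(not a.lower().endswith("@" + org_domain) for a in rule.get("forward_to", [])):
        actions.append("forwards mail outside the organisation")
    if rule.get("mark_read") and actions:
        actions.append("marks it as read")
    # Report only a targeted selector combined with a hiding or exporting action.
    return selectors + actions if selectors and actions else []

def flag_suspicious(rules, org_domain):
    """Map 'mailbox/rule name' to its reasons for every rule worth a manual review."""
    flagged = {}
    for rule in rules:
        reasons = audit_rule(rule, org_domain)
        if reasons:
            flagged[f"{rule['mailbox']}/{rule['name']}"] = reasons
    return flagged

if __name__ == "__main__":
    for key, reasons in flag_suspicious(SAMPLE_RULES, "corp.example").items():
        print(key, "->", "; ".join(reasons))
```

Rules that only file newsletters or delete bulk mail are left alone; a flagged rule still needs confirmation from the mailbox owner that they created it.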

“We are in the midst of a massive paradigm shift in hacking activity. Hackers are taking full advantage of the fact that most people now work from home. We consider BEC fraud part of this broad trend,” said Lotem Finkelstein, head of threat analysis at Check Point. “If you work in, run or own a business or organization, especially one that is fairly well known and transfers large amounts of money, you should know that you are a target of such attacks. When you work from home, someone can control and manipulate your every email, especially if you're the person in the company who is responsible for monetary transactions. We feel obliged to inform businesses, especially financial institutions, about this fraud and how they can stay safe. We expect that in 2020 and in the future, attackers will have more opportunities, given the prevailing culture of work from home.”

Here are a few tips on how to protect your organization from BEC attacks:

Enable multi-factor authentication for business mail accounts. This type of authentication requires entering several pieces of information, such as a password, to log into the system. Implementing multi-factor authentication makes it harder for cybercriminals to access employees' e-mail.

Do not open emails from unknown senders. If you do open one by chance, don't click on links or open attachments, as they often contain malware that will gain access to your system.

Double-check the sender's email address. A fake email address often looks very similar to the e-mail address of a colleague or partner.

Always verify a transfer request before sending money or data. Develop a standard operating procedure for staff to confirm e-mail requests for bank transfers or confidential information.

Choose “forward” rather than “reply” when responding to business correspondence. When forwarding, the correct address must be entered manually or selected from the address book. Forwarding ensures that you are using the recipient's correct email address.