Business Email Compromise appears to be back in the saddle again, as attackers use simple social engineering and domain impersonation to trick victims into paying up.
In the midst of adjusting to working-while-COVID, ransomware seemed to be at the forefront of attacks. But new data from Abnormal Security’s Q3 Quarterly BEC Report shows that business email compromise has recently grown in interest over the last quarter.
According to the report:
- Overall BEC attacks increased 15%
- Energy/Infrastructure industries experienced a 93% increase in attacks
- Group mailboxes as targets increased by 212% while target individuals in the finance department have dropped by 53%
It’s evident that the cybercriminals behind these attacks are thinking organizations are doing better financially, and have shifted their tactics to try to find an unwitting internal accomplice within the victim organization to assist with the fraudulent inquiries.
The rise in interest in invoice/payment fraud scams is likely due to its ease of execution. Take a look at the example below from the report:
By sending this to a group mailbox assigned to Accounts Payable, it’s far less necessary to appear credible to an individual, as it’s reasonable that not everyone in your AP department knows every one of their counterparts at a partner organization.
Throw in a dash of good old fashioned domain impersonation to make the email appear real, and you can see how it would be easy to convince someone in AP to change the bank accounts used for payment.
Users within your AP department need to be instructed to use a verification protocol anytime a request to change banking details is made. This should be done using a communications medium other than the one the request was made through, and should use known contact details rather than any provided within the request. Additionally, users involved with any form of managing the organization’s finances should be enrolled in Security Awareness Training to help increase their alertness when it comes to potentially-harmful emails like this.