Cybercriminals are improving their social engineering skills to target online retailers with sophisticated business email compromise (BEC) scams, according to Rafael Lourenco at Business.com.
Lourenco says that these attacks are “the grown-up, more professional, harder-to-spot versions of yesteryear's amateurish phishing scams, and they are on the rise because they work.” BEC scams come in a number of different forms, including executive impersonation, invoice fraud, and payroll scams.
Executive impersonation—aka CEO Fraud—is when an attacker gathers information about a high-ranking employee, sometimes after hacking their email account, and then poses as this executive to send an urgent request for a money transfer to another employee at the company.
Invoice fraud involves the impersonation of an organization’s third-party vendors to request payment for services rendered. Google and Facebook recently lost a combined total of $100 million to this type of scam. Lourenco adds that “while it's tempting to think that small merchants won't attract invoice fraudsters, cybercriminals are always looking for vulnerable targets to exploit, regardless of size.”
In payroll scams, criminals email an organization’s HR department posing as an employee and ask that the employee’s paychecks be sent to a new bank account. The IRS says that these scams are typically discovered only when an employee realizes they’ve missed a paycheck.
“What all these schemes have in common is deception – impersonating someone the recipient trusts,” Lourenco writes. “Another common factor is that these scam emails don't contain malicious links or attachments, so they often make it past spam filters.”
Lourenco says that organizations need to train their employees to spot suspicious emails and requests, and then to report or verify them before taking action. New-school security awareness training can teach your employees to treat every email with caution. Business.com has the story: