CyberheistNews Vol #5 #53 Despite Warnings, CEO Fraud Scams Still Successful And Growing



In the last few months, law enforcement has warned repeatedly about a new scam that is rapidly expanding. The FBI calls it "Business Email Compromise" (BEC), but it is better known as "CEO Fraud."


CyberHeist News
Despite Warnings, CEO Fraud Scams Still Successful And Growing
Stu Sjouwerman

Now Symantec is sounding the alert. They have a service called Email Security Cloud and they are seeing these types of spoofed CEO emails trending up.

"BEC attackers target senior-level employees rather than consumers as it’s easier to scam them out of large amounts. In one incident, we observed the scammers asking the target to transfer over 370,000 dollars. By requesting large amounts of money, the scammers only need to be successful a couple of times to make a profit," Symantec researchers explained.

They continued with: "The FBI estimates that the amount lost to BEC between October 2013 and August 2015 was over 1.2 billion. With such huge returns, it’s unlikely that these scams will cease any time soon."

C-level employees, especially CEOs and CFOs, have to be aware of the various techniques the scammers are using to trick them into wiring out large amounts of money.

Crafting The Email

BEC emails typically follow the same format: the email poses as a message from the targeted company’s CEO. This is done using one or more of the following methods:

  • Compromising the CEO’s email account
  • Spoofing the CEO’s email address
  • Using a form of typo-squatting where the email address uses a domain which resembles the targeted company’s actual domain (e.g. myydomain.com vs mydomain.com). These domains are often registered on the same day that the email is sent.

The scammers use a few simple tricks to try and avoid arousing suspicion. The emails often state how the CEO is traveling or is in a meeting and can’t accept phone calls. Many of the emails have "sent from my iPad" appended, to suggest the sender is on the road or excuse typos in the message.

The scammers know their targets: the names and email addresses of executives can often be found on the company website or on LinkedIn. Sometimes the emails are short and simple ("I need you to initiate a wire transfer for the company, confirm if you can process it today so I can forward you the instructions", signed with the name of the CEO); sometimes they are much longer and more sophisticated. (Link with screenshots on the KnowBe4 Blog:)
https://blog.knowbe4.com/despite-warnings-ceo-fraud-scams-still-successful-and-growing
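The three spoofing methods and the pretext tricks above can be turned into a simple inbound-mail triage rule for the accounting mailbox. The following Python is an added example written for this edition, not Symantec's or KnowBe4's code: the company domain, the executive list, the phrase list and the three sample messages are all constructed, and the scores and threshold are illustrative.

```python
"""Triage rule for the CEO-fraud indicators described above: a display name
that matches an executive but an address that is not that executive's
mailbox, a look-alike (typo-squatted) sender domain, a Reply-To pointing
somewhere else, and the usual 'travelling / wire transfer' pretext wording.
Everything below (domain, executives, phrases, samples) is constructed."""
from dataclasses import dataclass, field
from email.utils import parseaddr
from typing import Dict, List

COMPANY_DOMAIN = "mydomain.com"                       # constructed
EXECUTIVES = {"jane doe": "jane.doe@mydomain.com"}    # display name -> real mailbox
PRETEXT_PHRASES = (
    "wire transfer", "in a meeting", "can't accept phone calls",
    "traveling", "sent from my ipad", "confirm if you can process",
)
SUSPICIOUS_AT = 4   # score at which the message is held for manual verification


@dataclass
class Verdict:
    score: int = 0
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return self.score >= SUSPICIOUS_AT


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch domains such as myydomain.com
    that differ from the real one by a character or two."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def is_lookalike(domain: str) -> bool:
    """True for a domain that is not ours but within two edits of it."""
    return domain != COMPANY_DOMAIN and edit_distance(domain, COMPANY_DOMAIN) <= 2


def assess(msg: Dict[str, str]) -> Verdict:
    """msg holds the header values 'from', 'reply_to', 'subject', 'body'."""
    v = Verdict()
    name, addr = parseaddr(msg.get("from", ""))
    addr = addr.lower()
    sender_domain = domain_of(addr)

    # 1. Executive's name on a mailbox that is not the executive's own.
    real_mailbox = EXECUTIVES.get(name.strip().lower())
    if real_mailbox and addr != real_mailbox:
        v.score += 3
        v.reasons.append(f"'{name}' impersonated from {addr} (real: {real_mailbox})")

    # 2. Typo-squatted domain registered to resemble ours.
    if is_lookalike(sender_domain):
        v.score += 3
        v.reasons.append(f"look-alike sender domain {sender_domain}")

    # 3. A spoofed From header with replies routed to another mailbox.
    _, reply = parseaddr(msg.get("reply_to", ""))
    if reply and domain_of(reply) != sender_domain:
        v.score += 2
        v.reasons.append(f"Reply-To domain {domain_of(reply)} differs from sender")

    # 4. Pretext wording: travelling, unreachable, wire instructions to follow.
    text = (msg.get("subject", "") + " " + msg.get("body", "")).lower()
    for phrase in PRETEXT_PHRASES:
        if phrase in text:
            v.score += 1
            v.reasons.append(f"pretext phrase: {phrase!r}")
    return v


# Constructed sample messages: one genuine, two fraudulent.
SAMPLES = {
    "legit": {
        "from": "Jane Doe <jane.doe@mydomain.com>",
        "subject": "Board deck",
        "body": "Attached is the deck for Thursday.",
    },
    "lookalike": {
        "from": "Jane Doe <jane.doe@myydomain.com>",
        "subject": "Urgent",
        "body": ("I need you to initiate a wire transfer for the company, confirm if "
                 "you can process it today so I can forward you the instructions.\n"
                 "Sent from my iPad"),
    },
    "spoofed_replyto": {
        "from": "Jane Doe <jane.doe@mydomain.com>",
        "reply_to": "Jane Doe <jane.doe@exec-mail.example>",
        "subject": "Wire transfer needed today",
        "body": "I'm in a meeting and can't accept phone calls, send confirmation by email.",
    },
}


def triage(samples=SAMPLES) -> Dict[str, Verdict]:
    return {label: assess(msg) for label, msg in samples.items()}


if __name__ == "__main__":
    for label, v in triage().items():
        print(f"{label}: score={v.score} suspicious={v.suspicious}")
        for r in v.reasons:
            print("   -", r)
```

The rule deliberately scores the display-name mismatch and the look-alike domain separately, because a compromised real account (the first method in the list) triggers neither; for that case only the Reply-To and pretext checks fire, which is why they are kept even though they are weaker on their own.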

What To Do About It

Symantec stated: "User education is the most effective means of protecting companies against BEC scams." We could not agree more. Here are a few hints and tips you can send to your Accounting department, and cc your CEO while you are at it.

  • Double-check any emails that request actions which seem unusual or aren’t following normal procedures. Make it OK to "query" wire transfers higher than a secret agreed-upon amount.
  • Verify the email via a different medium, for instance the phone or fax.
  • Use two-factor and/or two-person authentication to make wire transfers.
  • Grab this updated version of our Social Engineering Red Flags PDF, print and laminate it, and give it to everyone. There is no charge:
    https://cdn2.hubspot.net/hubfs/241394/Knowbe4-May2015-PDF/SocialEngineeringRedFlags.pdf
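The first three tips above (query transfers over an agreed amount, verify over a different medium, require two people) can be enforced in the payment workflow rather than left to memory. The following Python is an added example for this edition, not KnowBe4's code: the threshold, the phone directory and the five sample requests are constructed, and the 370,000 figure is simply the amount quoted by Symantec earlier in this issue.

```python
"""Policy check for the wire-transfer controls listed above: an agreed
query threshold, a second approver on every large transfer, and
confirmation over a different medium using a number from the directory
rather than one supplied in the email. All values are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

QUERY_THRESHOLD = 10_000      # constructed; the real figure stays off the request form
DIRECTORY_PHONES = {"jane.doe": "+1-555-0100"}   # constructed, maintained by IT, never by email


@dataclass
class WireRequest:
    requester: str                          # the person the email claims to be from
    amount: float
    approvers: List[str] = field(default_factory=list)
    callback_number: Optional[str] = None   # number actually dialled to confirm


def check(req: WireRequest) -> Tuple[bool, List[str]]:
    """Return (release, problems); release is True only when no control failed."""
    problems: List[str] = []
    distinct = {a.lower() for a in req.approvers}

    # The claimed requester never counts as an approver of their own transfer.
    if req.requester.lower() in distinct:
        problems.append("requester cannot approve their own transfer")
        distinct.discard(req.requester.lower())

    # Two-person rule above the threshold, one person below it.
    needed = 2 if req.amount > QUERY_THRESHOLD else 1
    if len(distinct) < needed:
        problems.append(f"{needed} distinct approver(s) required, have {len(distinct)}")

    # Out-of-band verification: the callback must go to the directory number,
    # not to a number taken from the email itself.
    if req.amount > QUERY_THRESHOLD:
        expected = DIRECTORY_PHONES.get(req.requester.lower())
        if expected is None:
            problems.append("requester not in phone directory; cannot verify out of band")
        elif req.callback_number != expected:
            problems.append("no callback to the directory number on record")
    return (not problems, problems)


# Constructed sample requests covering the routine case and the usual shortcuts.
REQUESTS = {
    "small_routine": WireRequest("jane.doe", 5_000, ["bob"]),
    "large_unverified": WireRequest("jane.doe", 370_000, ["bob"]),
    "large_self_approved": WireRequest("jane.doe", 370_000, ["jane.doe", "bob"], "+1-555-0100"),
    "large_email_number": WireRequest("jane.doe", 370_000, ["bob", "carol"], "+1-555-0199"),
    "large_verified": WireRequest("jane.doe", 370_000, ["bob", "carol"], "+1-555-0100"),
}


def review_all() -> Dict[str, Tuple[bool, List[str]]]:
    return {label: check(req) for label, req in REQUESTS.items()}


if __name__ == "__main__":
    for label, (release, problems) in review_all().items():
        print(f"{label}: {'RELEASE' if release else 'HOLD'}")
        for p in problems:
            print("   -", p)
```

The "large_email_number" case is the one worth noticing: two approvers signed off and a call was made, but to the number the email supplied, so the control is satisfied only on paper. Tying the callback to a directory the scammer cannot edit is what gives the "different medium" tip its value.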

If you believe you have been a victim of CEO Fraud, notify your financial institution as fast as possible (24 hours is already on the late side to try to claw back wire transfers) and report the fraud to your local law enforcement agency for later insurance and legal procedures. Remember that ounce of prevention...

Ammo For 2016 IT Security Budget: New
KnowBe4 VIDEO

Check out this new video that was created for you to send to your C-Level execs as ammo, get more 2016 IT security budget and turn those unruly end-users into your first line of defense. And please, share it with your friends!
https://www.youtube.com/watch?v=DrgDQeGGb_8&feature=em-subs_digest

Do A Unique No-Charge "Star Wars" Phishing Security Test

You can now find out what percentage of your employees will fall for a highly popular "current event": the release of the new Star Wars movie.

The bad guys are attacking with a variety of Star Wars scams, and there is no better time to do this unique phishing security test than right now.

Today, phishing your own users is just as important as having antivirus and a firewall. Why? If you don't do it yourself, the bad guys will.

Take your first step now to significantly improve your organization’s defenses against cybercrime. Fill out the form, and you will be able to immediately start your Free Phishing Security Test.

https://info.knowbe4.com/phishing-security-test-2

Warm Regards,
Stu Sjouwerman

Quotes Of The Week

"Dare to think for yourself." - Voltaire, Philosopher and Writer

"The man who has accomplished all that he thinks worth while, has begun to die." - E. T. Trigg


Thanks for reading CyberheistNews

Security News
This Week's Five Most Popular HackBusters Posts
    1. New ibuprofen skin patch to deliver 12 hours of pain relief:
      http://www.hackbusters.com/news/stories/482002-new-ibuprofen-skin-patch-to-deliver-12-hours-of-pain-relief-cnet

    2. Hacker-Friendly Search Engine that Lists Every Internet-Connected Device:
      http://www.hackbusters.com/news/stories/484565-hacker-friendly-search-engine-that-lists-every-internet-connected-device

    3. Anonymous Declares War On Donald Trump:
      http://www.hackbusters.com/news/stories/485426-anonymous-declares-war-on-donald-trump-optrump

    4. GTA 5's next complimentary expansion announced, not coming to Xbox 360/PS3:
      http://www.hackbusters.com/news/stories/483992-gta-5-s-next-free-expansion-announced-not-coming-to-xbox-360-ps3-cnet

    5. Government Could Hack Children's Toys to Spy on You:
      http://www.hackbusters.com/news/stories/484455-government-could-hack-children-s-toys-to-spy-on-you

Phishing Scam Hits Middlesex Hospital In Connecticut

Middlesex Hospital in Connecticut may have inadvertently allowed the personal information of almost 1,000 patients to be compromised through a phishing scam. In October, four hospital employees were victimized by a phishing campaign. The information involved includes the patient's name, address, date of birth, medical record number, medication, date of service and date of diagnosis. The compromised information did not include Social Security numbers or any access to a person's full medical records. Read the full article here and don't be that guy:
http://www.scmagazine.com/phishing-scam-hits-middlesex-hospital-in-conn/article/458813/

Inoculate Employees Who Fall for Social Engineering Attacks

Despite all the funds you may have spent on state-of-the-art security software, the bad guys are just one gullible user click away from staging an all-out invasion. This white paper provides a clear direction on how to go about improving your organization's security posture by "inoculating" employees who fall for social engineering attacks. Download now:
https://info.knowbe4.com/whitepaper-employee-worst-best-practices-enterprise-security

Use MS RDP or Citrix XenApp? ServerVision Is A Tool You Might Like

This is something totally different from what I normally write about, but I had a look at the new ServerVision, and I think you would like it. This is complete monitoring and reporting for Microsoft RDP and Citrix XenApp. Looks like ServerVision is the new go-to tool for RDP, Citrix and VMware Horizon View monitoring if you use any of these platforms.

You can monitor CPU, memory, latency and bandwidth consumption by session to proactively spot trouble points. Moreover, you can manage active sessions and monitor user time to optimize server capacity. Other features are tracking and managing your SPLA licenses to stay in compliance, and support users with remote assistance, shadowing and recording of user sessions. The price is a steal, just 99.00 dollars per server, with volume discounts if you run more servers. You can download the fully functional trial here. Check it out:
www.servervision.co