Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    FBI: Scammers Take Business Email Compromise Attacks to Virtual Meeting Platforms

    FBI Scammers Business Email Compromise AttaacksIn a new twist on an old scam, BEC attacks switch from email to a virtual meeting where social engineering tactics are used to further establish credibility and increase the likelihood of a successful scam.

    Historically, BEC scams were comprised of a threat actor impersonating the owner of a compromised email account for the purpose of stealing information, committing fraud, or a myriad of other attack actions. But a new FBI advisory warns of BEC scams that involve either inviting users to virtual meetings or attending meetings as the compromised user. In cases where the compromised user is in a position of authority, scammers seek to get attending employees to carry out instructions. According to the advisory, virtual meeting platforms are being used in several ways:

    • Compromising an employer or financial director's email, such as a CEO or CFO, and requesting employees to participate in a virtual meeting platform where the criminal will insert a still picture of the CEO with no audio, or "deep fake1" audio, and claim their video/audio is not properly working. They then proceed to instruct employees to initiate transfers of funds via the virtual meeting platform chat or in a follow-up email.
    • Compromising employee emails to insert themselves in workplace meetings via virtual meeting platforms to collect information on a business's day-to-day operations.
    • Compromising an employer's email, such as the CEO, and sending spoofed emails to employees instructing them to initiate transfers of funds, as the CEO claims to be occupied in a virtual meeting and unable to initiate a transfer of funds via their own computer.

    Employees that undergo continual Security Awareness Training are far more vigilant when normal business activity goes awry and becomes downright suspicious (as in the case of the fake CEO not having any audio and asking for the transfer of funds).

    It’s no longer just being mindful of phishing attacks; employees need to be educated to maintain a constant state of awareness whenever any form of unexpected communication – especially those involving money – are made.

     

    Return To KnowBe4 Security Blog

    Get Your CEO Fraud Prevention Manual

    CEO-Fraud-Prevention-Manual-WP-FannedCEO fraud has ruined the careers of many executives and loyal employees, causing over $26 billion in losses. Don’t be the next victim. This manual provides a thorough overview of how executives are compromised, how to prevent such an attack and what to do if you become a victim.

    Get Your Manual

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://info.knowbe4.com/ceo-fraud-prevention-manual

    Topics: Social Engineering, CEO Fraud

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews