URGENT, ACT. RQD: Navigating Business Email Compromise

Simon Tame
April 4, 2016 | 3 Min Read

Call me phishmail.

Whaling – also known as CEO fraud and business email compromise (BEC) – is a type of scam whereby attackers spoof company executives, either by compromising that executive’s email account or by using typo-squatting (registering domains that look similar to legitimate company domains), in order to socially engineer their targets. Last year we observed an uptick in reports of the use of BEC by threat actors and, more recently, the use of this method has evolved to open up new avenues for cybercriminals to exploit.

At first, BEC was repeatedly used to persuade employees in financial teams to conduct “urgent” wire transfers to bank accounts controlled by the attackers or their associates. A few examples of this were reported publicly, including the $47 million loss suffered by Ubiquiti Networks and the $1.8 million lost by Samson Resources Corporation – but there is an obvious caveat here: not all companies will admit – at least publicly – that they were the victim of this type of scam. Turning to the Federal Bureau of Investigation’s statistics shows that, between October 2013 and August 2015, BEC was accountable for $747 million (both attempted and actual losses) stemming from 8,179 businesses.

Aside from socially engineering company employees to send them large sums of money, cybercriminals have used BEC to extract information from their targets. Take, for example, the tax season in the United States. Figure 1 shows us that, about a month before the tax return deadline in the United States, reporting started emerging of companies being targeted for details on their employees, including social security numbers and W-2 forms (tax forms). This information was likely to have been targeted by cybercriminals for use in fraudulent tax returns.

On March 16, 2016, it was reported that BEC was used to deliver emails that contained malicious attachments. Specifically, a keylogger – capable of recording keystrokes on an infected machine – was delivered to recipients.

The reporting can show us a few things. Firstly, it shows us that cybercriminals use tried and tested methods with subtle shifts in tactics in order to achieve their ends. From financial transactions, to information theft and then to the delivery of malware, BEC has provided a bountiful catch for cybercriminals trawling the high seas of the internet. Secondly, the reporting shows us that there are certainly more use cases for BEC. For example, there are almost no limitations for a cybercriminal that wishes to use BEC in order to extract other sensitive, confidential or proprietary information. Finally, the reporting shows us that we need to be aware of these methods and act accordingly.

Whaling Timeline

Some BEC attempts rely on the use of typosquatted domains in order to trick recipients into believing they received an email from someone within the company. These emails can be difficult to spot and require awareness on the part of both the employer and the employee. However, by monitoring threat actor activity, organizations can be made aware of such methods. Organizations can use this awareness to make better informed decisions about their security and provide awareness to their employees.
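One concrete way to act on this awareness is to check the sender domain of inbound mail against the organisation's own domains and flag near misses. The script below is an added example, not code from the original post or from the author's company; it assumes a constructed company domain (example-corp.com) and a handful of constructed From: header values, and combines a simple edit-distance test with a small homoglyph normalisation so that both "examplecorp.com" and "exarnple-c0rp.com" are surfaced as look-alikes rather than treated as ordinary external senders.

```python
"""Flag look-alike sender domains in From: headers (added example, not from the original post).

Assumptions (constructed for illustration): the organisation sends mail from
example-corp.com, and the sample headers below are made up.
"""
from email.utils import parseaddr

# The organisation's legitimate sending domains (constructed for this example).
TRUSTED_DOMAINS = {"example-corp.com"}

# A non-trusted domain within this edit distance of a trusted one is a look-alike.
MAX_DISTANCE = 2


def normalize_domain(domain):
    """Fold common visual substitutions so 'exarnple-c0rp.com' reads as 'example-corp.com'."""
    d = domain.lower().strip().rstrip(".")
    # Two-character sequences that mimic a single letter must be folded first.
    for seq, rep in (("rn", "m"), ("vv", "w")):
        d = d.replace(seq, rep)
    single = {"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"}
    return "".join(single.get(ch, ch) for ch in d)


def edit_distance(a, b):
    """Levenshtein distance using a single rolling row of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost))
        prev = cur
    return prev[-1]


def sender_domain(from_header):
    """Extract the address domain from a From: value such as 'Jane Doe <jane@x.com>'."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower()


def classify_sender(from_header):
    """Return (verdict, domain); verdict is 'trusted', 'lookalike', 'external' or 'invalid'."""
    domain = sender_domain(from_header)
    if not domain:
        return ("invalid", domain)
    for trusted in TRUSTED_DOMAINS:
        # Exact match or a legitimate subdomain (e.g. mail.example-corp.com).
        if domain == trusted or domain.endswith("." + trusted):
            return ("trusted", domain)
    norm = normalize_domain(domain)
    for trusted in TRUSTED_DOMAINS:
        if edit_distance(norm, normalize_domain(trusted)) <= MAX_DISTANCE:
            return ("lookalike", domain)
    return ("external", domain)


# Constructed sample From: header values; only the first is genuinely internal.
SAMPLE_HEADERS = [
    "Jane Doe <jane.doe@example-corp.com>",
    "Jane Doe <jane.doe@examplecorp.com>",
    "Jane Doe <ceo@exarnple-corp.com>",
    "Jane Doe <jane.doe@example-c0rp.com>",
    "Jane Doe <jane.doe@example-corp.co>",
    "Newsletter <news@gmail.com>",
]


def scan(headers):
    """Classify every header; returns a list of (header, verdict, domain) tuples."""
    return [(h,) + classify_sender(h) for h in headers]


if __name__ == "__main__":
    for header, verdict, domain in scan(SAMPLE_HEADERS):
        print(f"{verdict:9} {domain:22} {header}")
```

The check only covers the typo-squatting variant. Mail that arrives from the genuine company domain because the executive's mailbox was compromised, or because the domain was spoofed outright, will classify as trusted here; the former needs account-level controls and the latter is what SPF, DKIM and DMARC enforcement are for. In a production mail filter the trusted set would also include partner and supplier domains, since invoice-redirection variants of BEC impersonate those just as readily.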
