Business Email Compromise Scam
Business Email Compromise (BEC) Scam popularly known in Nigeria as “wire-wire” is a type of scam targeting companies that conduct wire transfers. Often, attackers impersonate the CEO, CFO or any executive in the company authorized to do wire transfers.
They do this either by spoofing or hijacking their official email accounts and using it to divert payment or initiate fraudulent wire transfers to an account controlled by the fraudsters.
BEC scam targets companies of all sizes and even the most tech-savvy companies in the world can fall victim. Tech giants Google & Facebook once transferred a total of $123 million to the account of a Lithuanian man after he tricked both companies with an elaborate two year BEC scam.
How Cyber-Criminals Conduct Wire-Wire Scams.
BEC attacks typically rely on spear-phishing tactics to compromise official email accounts of unsuspecting employees particularly c-level executives.
Email accounts are often hijacked by infecting the victim’s computer with a spyware keylogger which records & sends to the attacker every keystroke the victim types on their keyboard thus eventually revealing their email login details.
The attacker then monitors the compromised email accounts studying the company’s processes, employees, vendors etc. This usually takes the attacker several weeks or even months enabling them to determine how money moves through an organization and which individuals in the company are responsible for such transactions.
After this, an attacker can then choose to;
- Intercept an ongoing transaction with a customer and request for payment to be wired to an alternate fraudulent account.
- Impersonate the CEO or CFO and request for funds to be wired to an account they control. This is also known as CEO fraud.
While there are several other variations to the BEC scam, the underlying concept remains the same which is to hijack a business email account and redirect legitimate wire transfers to a fraudulent bank account.
This attack has proven to be extremely successful because Nigerian cybercriminals do not need to be very technical as they can find tools and services that cater to all levels of technical expertise in the cybercriminal underground.
A recent report from the FBI shows that losses from these type of attacks almost doubled in 2018 to reach $1.2 billion. This figure excludes other hidden costs such as loss of revenue due to damage to the company’s image and reputation.
Countermeasures Against Business Email Compromise
- Always be wary of phishing emails – Just a single wrong click or download could lead to total system compromise. Be cautious of irregular emails that are sent from C-suite executives, as they are used to trick employees into acting with urgency.
- All unexpected requests for money or invoice payments should always be confirmed verbally.
- Always maintain a healthy dose of scepticism.
Taking several safety measures may seem a bit inconvenient but surely a little inconvenience definitely beats losing your hard-earned money to cybercriminals.
Chinua Katchy is a Cybersecurity Engineer working at Layer3. He is very passionate about cybersecurity and specializes in areas such as Vulnerability Management, Penetration Testing and Incident Response.