Saturday, March 6, 2021
CybersecFill
Advertisement
  • Home
  • Events
  • News
  • security tips
  • Article
  • Contact Us
No Result
View All Result
  • Home
  • Events
  • News
  • security tips
  • Article
  • Contact Us
No Result
View All Result
CybersecFill
No Result
View All Result
Home Blog

Business Email Compromise(BEC) AKA Wire-Wire

Cybersecfill by Cybersecfill
July 19, 2019
in Blog
0
Business Email Compromise

Source: https://www.fbi.gov/news/stories/business-e-mail-compromise-on-the-rise

Share on FacebookShare on Twitter

Business Email Compromise Scam

What is Business Email Compromise Scam?

Business Email Compromise (BEC) Scam popularly known in Nigeria as “wire-wire” is a type of scam targeting companies that conduct wire transfers. Often, attackers impersonate the CEO, CFO or any executive in the company authorized to do wire transfers.

They do this either by spoofing or hijacking their official email accounts and using it to divert payment or initiate fraudulent wire transfers to an account controlled by the fraudsters.

BEC scam targets companies of all sizes and even the most tech-savvy companies in the world can fall victim. Tech giants Google & Facebook once transferred a total of $123 million to the account of a Lithuanian man after he tricked both companies with an elaborate two year BEC scam.

How Cyber-Criminals Conduct Wire-Wire Scams. 

BEC attacks typically rely on spear-phishing tactics to compromise official email accounts of unsuspecting employees particularly c-level executives.

Email accounts are often hijacked by infecting the victim’s computer with a spyware keylogger which records & sends to the attacker every keystroke the victim types on their keyboard thus eventually revealing their email login details.

The attacker then monitors the compromised email accounts studying the company’s processes, employees, vendors etc. This usually takes the attacker several weeks or even months enabling them to determine how money moves through an organization and which individuals in the company are responsible for such transactions.

After this, an attacker can then choose to;

  • Intercept an ongoing transaction with a customer and request for payment to be wired to an alternate fraudulent account.
  • Impersonate the CEO or CFO and request for funds to be wired to an account they control. This is also known as CEO fraud.

While there are several other variations to the BEC scam, the underlying concept remains the same which is to hijack a business email account and redirect legitimate wire transfers to a fraudulent bank account.

This attack has proven to be extremely successful because Nigerian cybercriminals do not need to be very technical as they can find tools and services that cater to all levels of technical expertise in the cybercriminal underground.

A recent report from the FBI shows that losses from these type of attacks almost doubled in 2018 to reach $1.2 billion. This figure excludes other hidden costs such as loss of revenue due to damage to the company’s image and reputation.

Countermeasures Against Business Email Compromise

  • Always be wary of phishing emails – Just a single wrong click or download could lead to total system compromise. Be cautious of irregular emails that are sent from C-suite executives, as they are used to trick employees into acting with urgency.
  • All unexpected requests for money or invoice payments should always be confirmed verbally.
  • Always maintain a healthy dose of scepticism.

Taking several safety measures may seem a bit inconvenient but surely a little inconvenience definitely beats losing your hard-earned money to cybercriminals.

About Author

Chinua Katchy is a Cybersecurity Engineer working at Layer3. He is very passionate about cybersecurity and specializes in areas such as Vulnerability Management, Penetration Testing and Incident Response.

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from our team.

You have Successfully Subscribed!

Tags: Business Email compromiseCybercrimecyberintelligenceGoogleHackingNigeria
Cybersecfill

Cybersecfill

An independent Nigeria cybersecurity blog aimed at sharing cybersecurity news, articles ,blog and opinins.

Next Post
Cybersecurity in Africa

Cybersecurity In Africa - The Way to Go!

0 0 vote
Article Rating
Login
guest
guest
0 Comments
Inline Feedbacks
View all comments

Subscribe

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from our team.

You have Successfully Subscribed!

  • Trending
  • Comments
  • Latest
credit card cloning

How Credit/Debit Cards are Cloned / Preventing Card Cloning

December 26, 2019
Wifi 6 Security

Did Wi-Fi 6 come with an Improvement In Security?

May 13, 2019
Nationa Cybersecurity Strategy

A Review of the Nigeria National Cybersecurity Strategy

July 1, 2019
Wireless Access Point

How To Secure Your Wireless Access Point (WAP)

August 3, 2019
Facebook

Facebook’s New Settings Allows Hackers To Easily Pentest Facebook,Instagram Mobile Applications

8
Nationa Cybersecurity Strategy

A Review of the Nigeria National Cybersecurity Strategy

6
Cybersecurity Jobs

Cybersecurity Jobs – You can create your own Cybersecurity Role

4
open Source intelligence tools

Open Source Intelligence tools – OSINT

4
Smart Phones…. Prime target for Cybercriminals!

Smart Phones…. Prime target for Cybercriminals!

March 5, 2021
Insider Threat!!!

Insider Threat!!!

March 4, 2021
5G Dangers: What are the Cybersecurity implications?

5G Dangers: What are the Cybersecurity implications?

March 1, 2021
Key Differences Between Firewall And Antivirus

Key Differences Between Firewall And Antivirus

February 27, 2021

Recommended

Smart Phones…. Prime target for Cybercriminals!

Smart Phones…. Prime target for Cybercriminals!

March 5, 2021
Insider Threat!!!

Insider Threat!!!

March 4, 2021
5G Dangers: What are the Cybersecurity implications?

5G Dangers: What are the Cybersecurity implications?

March 1, 2021
Key Differences Between Firewall And Antivirus

Key Differences Between Firewall And Antivirus

February 27, 2021

© 2020 CybersecFill. All Rights Reserved.

No Result
View All Result
  • Home
  • Events
  • News
  • security tips
  • Article
  • Contact Us

© 2020 CybersecFill. All Rights Reserved.

wpDiscuz
0
0
Would love your thoughts, please comment.x
()
x
| Reply