Recently, we were contacted regarding two different incidents of Business Email Compromise (BEC), in which there was an attempt to redirect wire transfers from individuals to another bank account. One was successful and the victim lost six figures; the other was interdicted because an attentive individual picked up the phone to ask, “Uh, are you sure this is right?” This kind of fraud is increasing and is more specifically targeted towards smaller firms and individuals, in an effort to redirect high-dollar transactions.
The general, high-level pattern is that the criminal compromises a website and sets up a fake cloud-email login page (Office365, Gmail, etc.). They then e-mail real estate brokers, real estate attorneys, investment advisors, title companies, etc., trying to trick them into giving up their login credentials. If successful, they log into those accounts and set up email forwarding rules to monitor emails back and forth. When they see a potential transaction, they set up some fake email accounts impersonating the individuals involved. Now, when wiring instructions are sent, they follow up that email with a “correction” containing new wiring instructions.
If the victim falls for it (and no one picks up the phone to verify the details or the changes), the money is wired. By the time the closing is due to take place, the money is long gone and the victim is in a massive world of hurt. People are defrauded daily, and, on occasion, they have been told their life savings are gone. The reality is that the people who were breached are almost never the end consumer; they are small to medium businesses who likewise cannot afford to make a victim whole.
There are several things SMBs could have done in these scenarios to protect themselves:
- Always verify wiring instructions outside of email, especially when changes are involved. E-mail is insecure and insecurable; using it for these transactions without verification is dangerous.
- Enable two-factor authentication for your email service. This way, if attackers steal your password, they aren’t able to log in to add forwarding rules.
- Implement SPF, DKIM and DMARC for your domain. These security features help prevent spoofing of your email address and are compatible with most third-party email providers.
- Use strong endpoint protection/anti-malware solutions on your devices.
- Configure your network devices (firewall and DNS resolver) to block known bad infrastructure that engages in phishing.
ThreatSTOP operationalizes threat intelligence to block phishing, business email compromise, ransomware and a variety of other threats. Plus, it’s priced for SMBs. To learn more about how we can protect your SMB at an affordable cost, check us out below. We offer a free, 14-day trial or you can request a quick demo.