There's no arguing against the increasingly sophistication and severity of cybercriminal activity in the current threat environment. Now, hackers are going the extra mile to carry out advanced strategies for invading and stealing data and other assets from businesses of all sizes. In today's cyber landscape, the corporate communications that take place within an enterprise's unified communications platform could be more at risk than ever before, particularly considering the increasingly dangerous risk of business email compromise.
Threats only increase
As we noted in this blog, there are several attacks that cybercriminals leverage directly in connection with enterprise email. After all, this is one of the most popular communication solutions within business today, allowing employees to share information, files and other assets and easily collaborate with one another.
"More than 205 billion emails are sent and received each day. "
According to statistics from Radicati researchers, email use will only rise in the near future. Currently, many individuals have multiple email accounts for work and personal purposes, and more than 205 billion emails are sent and received each day. By next year, this figure will surpass 246 billion emails.
Because every organization from large enterprises to small startups rely on email, it is increasingly attractive to hackers.
Business email compromise: What is it and how does it work?
One of the most pervasive threats today is business email compromise (BEC). As security firm Barkly contributor Ryan Harnedy explained, these are phishing-style attacks wherein hackers take efforts to accurately pose as a legitimate member of the company, or a vendor or partner. This can include utilizing an email address that is strikingly similar to an actual employee's email, and using convincing language and other strategies to trick recipients into sending funds via wire transfer, or other sensitive data.
The difference between BEC and other phishing attacks is that hackers take considerable efforts to ensure that these events are highly targeted, and that emails appear real.
"Cyber criminals will scrape compromised email inboxes, study recent company news, and research employees on social media sites in order to make these email attacks look as convincing as possible," Harnedy wrote. "This high level of targeting helps these email scams to slip through spam filters and evade email whitelisting campaigns. It can also make it much, much harder for employees to recognize the email is not legitimate."
Examples of BEC strategies
BEC can come in several different forms. According to Tripwire contributor and security industry expert John Cloonan, some of the most commonly used BEC styles include:
- Posing as an executive: Numerous BEC victims have reported that the attack began with an email from a company executive urging a wire transfer. In this style, hackers will compromise an executive's email account, or use a spoofed email to send a message to an accountant, CFO, financial controller, or another subordinate. The email includes directions to submit a wire transfer, where funds are actually sent to cybercriminals as opposed to a legitimate party. Other versions include a spoofed email message from a hacker posing as the CFO, urging another employee to send a wire transfer at the request of the CEO. The use of an executive's email, or an address that closely resembles it, encourages the victim recipient to carry out the transfer, as they're following orders from their boss.
- Modifying invoices: Another approach includes compromising or spoofing the email of an employee within the company's accounting department, and then monitoring the activity in order to mine vendor and invoice information. Hackers are able to access legitimate invoices and adjust the information to include a fraudulent routing and account number. From here, the criminal creates a spoof email similar to that of the vendor, explaining to the victimized company that the vendor has adjusted its payment processes, and including the modified invoice. The businesses that was originally hacked then processes the fraudulent invoice, believing it to be from their actual vendor.
- Creating a fraudulent acquisition: Hackers have also been known to go so far as to fabricate a secret business acquisition, spoofing an executive's email and sending a fraudulent message to an employee. The attacker stresses the sensitivity of this secret acquisition, making the victim recipient feel privileged to be a part of the conversation. The hacker then requests that the employee send a wire transfer, according to the instructions provided by the attorney overseeing the acquisition. Again, funds are sent to the attacker under the guise of following executive orders.
The common veins among these strategies are attention to detail by hackers, and sophistication to prevent employees from questioning the emails.
"The requests for wire transfers are well-worded, specific to the business being victimized, and do not raise suspicious to the legitimacy of the request," The FBI explained.
Guarding against BEC
Unfortunately, BEC schemes are only proving to be more successful for hackers. ThreatPost reported fraudulent wire transfers related to email phishing have increased by more than 2,000 percent since 2015, and companies across the globe have lost more than $5 billion in the last five years.
Thankfully, there are some steps that businesses of any size can take to better safeguard their email and unified communications systems. First and foremost, awareness and education are key. Employees must be trained about the severity and danger of BEC attacks, as well as how to spot a fraudulent message.
In addition, Cloonan suggested ensuring that employees confirm all wire transfer requests with their executives via a separate email chain. Before responding to requests, or carrying out the transfer, workers should create a new email and be sure to enter the correct email address – or contact their supervisor by phone or in person – and directly confirm the request ahead of taking any kind of action.
It's also important to have a malware detection solution in place to safeguard the corporate email solution. Many BEC schemes begin with malware designed to allow hackers to access email accounts, and preventing this unauthorized access could help nip the attack in the bud.
To find out more about protecting your email and unified communications technologies, connect with the experts at Teo Technologies today.