
BEC, a major fraud

16/07/19

A quick and easy way for criminals to run a successful scam against managers and top management within organizations.
Reading time: 4 minutes

For quite some time now there has been a form of scam called "BEC", which stands for "Business Email Compromise".

It has been responsible for a huge number of frauds committed around the world, which have earned criminals millions of dollars (or the equivalent in whatever currency the losses are expressed in). It involves the use of email to impersonate a contact known to the victim, either from an external organization or from the organization to which the victim belongs; in the latter case the impersonated contact is usually someone more senior.

This form of fraud involves two main types of criminal activity:

  • Email address forgery
  • Email account compromise

E-mail address forgery

The first case consists of sending emails that show a different sender address than the one actually used. This is possible because the SMTP protocol does not provide a mechanism for authenticating email addresses. Thus, criminals can modify the header of an email so that it appears to have been sent from an address other than the real one. In fact, there are programs available on the Internet for sending fake emails that make this very easy, without requiring any technical knowledge on the part of the attacker.

Note that this form of attack only allows the sending of fake emails. For the attacker to receive any replies the recipient may send, the forged emails must indicate that replies are to be sent to an address controlled by the attacker, chosen to be as close as possible to the real one, so as to deceive the victim.

By way of example, if a criminal wants to trick someone into believing that the person writing to them is writing from the address fulanodetal@empresa.com, they can manipulate the email so that this correct address appears as the sender, while the reply is directed to the address fulanodetal@ernpresa.com (note the "rn" standing in for "m"), which will have been created by the attacker and will obviously be under their absolute control.

This form of attack allows the offender to partially control the communication, assuming the role of one of the parties, but having no control over what the impersonated person actually says or does. Although it usually gives "good" results for the attacker, it generates extremely confusing situations in which the attacker's emails intertwine with those of the real person, sometimes leading to the discovery of the deception in time.
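The two signals described above (a Reply-To address that differs from the displayed sender, and a reply domain that is a visual lookalike of the real one, such as "ernpresa.com" for "empresa.com") can be checked mechanically on incoming mail. The following is an added example, not code from the original article or from Security Advisor; the sample message, the set of trusted domains and the confusable-character table are all constructed assumptions.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample reproducing the article's scenario: the real address is
# shown as the sender, while replies are diverted to a lookalike domain.
SAMPLE_EMAIL = b"""From: Fulano de Tal <fulanodetal@empresa.com>
Reply-To: Fulano de Tal <fulanodetal@ernpresa.com>
To: tesoreria@empresa.com
Subject: Urgent: change of bank details for supplier payment

Please update the account number before today's transfer.
"""

# Character sequences that look alike in common fonts (assumed, not exhaustive).
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("1", "l"), ("0", "o")]


def normalize(domain):
    """Collapse confusable sequences so lookalikes map to the same string."""
    d = domain.lower()
    for fake, real in CONFUSABLES:
        d = d.replace(fake, real)
    return d


def is_lookalike(domain, trusted):
    """True if the domain is not trusted but normalizes to a trusted domain."""
    if domain.lower() in trusted:
        return False
    return normalize(domain) in {normalize(t) for t in trusted}


def domain_of(header_value):
    addr = parseaddr(str(header_value))[1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def analyze(raw_message, trusted_domains):
    """Return a list of findings for the BEC indicators described above."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    from_dom = domain_of(msg.get("From", ""))
    # With no Reply-To header, replies go back to the From address.
    reply_dom = domain_of(msg.get("Reply-To", "")) or from_dom
    if reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    for label, dom in (("From", from_dom), ("Reply-To", reply_dom)):
        if is_lookalike(dom, trusted_domains):
            findings.append(f"{label} domain {dom} is a lookalike of a trusted domain")
    return findings
```

Running `analyze(SAMPLE_EMAIL, {"empresa.com"})` flags both the Reply-To mismatch and the lookalike domain; a message whose From and Reply-To both belong to the trusted domain produces no findings.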

Email account compromise

Complementarily, there is a variant that gives the offender much more control over the dialogue and the actions taken, and which is usually much harder to detect. It occurs when the attacker manages to compromise an email account by obtaining its access credentials. From then on the attacker does not need to forge anything, since he controls the real account, or rather, he shares control of it with its owner.

This BEC variant usually targets the email accounts of executives and C-level or managerial staff. To achieve this, the offender initially uses different attack techniques, such as social engineering, malware and keyloggers, as well as attacks of the category described above (email address spoofing), with the ultimate goal of obtaining the access credentials for the victim's email account.

Once access is gained, among other things, the criminal can monitor emails, intercept emails containing payment instructions and modify bank details to direct funds to accounts under their control.

In general, if a criminal gains access to an email account, they can do more than just read the email. Among other things, they can:

  • Create rules for reading, replying to, deleting and forwarding emails, or moving them to a subfolder, so that the victim doesn't notice.
  • Monitor agreements and payments.
  • Send emails and then delete them from the sent folder.
  • Remove warnings from the security and technology area.
  • Learn the victim's writing style, the greetings they use and their key words.
  • Download real documents to edit and forward them as part of a hoax.


But what can you do to protect yourself from these types of threats?

Although it is not a totally secure defense, wherever possible it is best to use two-factor authentication to protect access to email accounts.

Additionally, other measures can be implemented to help defend against being involved in a BEC attack:

  • Mark emails from external domains in the subject line (depending on the mail server).
  • Conduct security awareness campaigns, which will help staff make better decisions regarding incoming emails.
  • Whenever possible, validate with our counterparts or superiors by a reliable means other than email before sending money or confidential information.
  • Be attentive to the appearance of domains similar to that of our organization.
  • Frequently change the password of our email account.
  • Implement measures to prevent spoofing of our mail domain.

While none of these countermeasures alone will achieve total defense, they all add up to a less insecure mail environment.

From Security Advisor, we are available to assist you in achieving this goal.

Author: Hugo Köncke - Regional Consulting Manager at Security Advisor


Awareness is the best option

Security Advisor's Consulting area offers services aimed at raising the awareness of Boards of Directors and Senior Management, enabling these levels of the administration to understand the fundamental concepts of cybersecurity, current threats and cases, and their possible impact on the business.

Learn more about our consulting services by clicking here.

For inquiries do not hesitate to contact us by clicking here.
