SC Media had a post on August 30th about a just-published study from Barracuda of 3000 business email compromise (BEC) attacks. These attacks are often called CEO fraud because the CEO's identity is being impersonated.
According to the study, the attacks succeed because of their simplicity and urgency. The study also noted that 60% of the email attacks did not contain a phishing link.
The goal of BEC attacks is not to introduce malware but to socially engineer the recipient into taking a specific action, such as making a wire transfer or sending personally identifiable information that can be used for identity theft. While the CEO is most often impersonated, others in the C-Suite may also be impersonated.
"The ability of these criminal groups to compromise legitimate business e-mail accounts is staggering," Martin Licciardo, special agent in the FBI Washington Field Office, said in a post on the FBI's official website recently. "They are experts at deception. The FBI takes the BEC threat very seriously."
The FBI's guidance on defending against BEC includes this one simple recommendation from Licciardo: "The best way to avoid being exploited is to verify the authenticity of requests to send money by walking into the CEO's office or speaking to him or her directly on the phone. Don't rely on e-mail alone."