Notes

BUSINESS EMAIL COMPROMISE – TOP PHISHING ATTACKS OF 2016 BY OAKMERE ROAD


In this series of blog posts we examine the most common forms of phishing attacks and appropriate countermeasures to protect both individuals and organizations – in this post we explore Business Email Compromise and the potential fall-out for executives.

Business Email Compromise

At the start of 2016, the FBI warned that it had seen a 270% increase in CEO scams, also known as Business Email Compromise (BEC) scams.

With these scams, savvy cyber criminals are taking the time to harvest personal information and learn the processes within a company. Once armed with this information, they target carefully selected employees with a spear phishing email designed to get access to confidential business information or transfer money into an unknown account.

Companies that have recently fallen victim to this kind of criminal fraud include:

- Ubiquiti Networks – the finance department was targeted by a fraudulent request from an outside entity that resulted in $46.7 million being transferred to an overseas account held by external third parties after an employee was impersonated.
- Mattel – a finance executive wired more than $3 million to the Bank of Wenzhou after the ‘new CEO’ requested a vendor payment. According to reports, Mattel quickly realized that it had been victim of a fraudulent request and worked with Chinese authorities to get the money back.
- FACC – the Austrian aircraft parts maker, whose customers included Airbus, Boeing and Rolls-Royce, reported that they had fired their chief executive after cyber criminals stole €50 million ($55.7 million) in an email scam.

Agari research found that more than 85% of spear phishing attacks are enabled by legitimate cloud services, and the majority do not contain a malicious link or attachment, which make them a lot harder to detect.

BEC Countermeasures

A multi-pronged approach is required to counter these types of targeted attacks:
1. Strengthen Internal Processes – To counter the threat of this type of attack, organizations must introduce policies that ensure that no one person or single email can authorize transactions. Instead, there needs to be a mixture of communication channels verifying any request for confidential or financial information.
2. Multi-Layered Approach – There is not a single solution available that can solve the breadth of the email security problem. What’s needed is multiple controls – a cocktail of complementary solutions that provides a multi-layered approach to cyber security where prevention, early detection, attack containment, and recovery measures are considered collectively.
3. Establish Per-message Authenticity – Organizations need a solution that considers sophisticated data science and email security intelligence in order to reinstill trust into the email ecosystem and establish the ‘true’ identity of an email’s sender.

Download Agari’s executive brief on the Top Phishing Attacks of 2016 to learn more about best practices to stopping phishing attacks.

You can also check out the other posts in the Top Phishing Scams series:

- Ransomware
- Data Breach of Employee Information
- Consumer Email Fraud
- Hacktivism