Abnormal Security found a 75% increase in this type of campaign in the first three months of the year and a spike of 200% from April to May.
The Business Email Compromise (BEC) is a more focused and potentially more profitable type of phishing scam favored by many cybercriminals. By spoofing a trusted individual such as a CEO or other VIP, or an external partner or contractor, the attackers aim to convince the recipient to send or share certain financial details. An especially popular type of BEC attack is one that uses invoice or payment fraud to steal money from the targeted organization. A blog post published Monday by security provider Abnormal Security highlights a rise in these specific kinds of BEC campaigns since the start of 2020.
SEE: Cybersecurity: Let’s get tactical (free PDF)
In the first three months of 2020, invoice and payment fraud BEC attacks increased more than 75%. But the rise was even more pronounced from April to May. Over that period, the volume of these types of BEC campaigns shot up by 200% per week, with a 36% jump in the number of organizations hit by these attacks. Among all kinds of BEC attacks, invoice and payment fraud scams accounted for 14% in April, rising to 17% in May.
These kinds of scams work by trying to convince an employee to purchase gift cards or coaxing a financial or payroll employee to change a fellow worker’s direct deposit account information. The attackers typically conduct fraudulent wire transfers, hijack vendor conversations, or change invoice data to redirect payments to a vendor. Because the financial amounts are usually higher than with other kinds of BEC attacks, these scams can offer criminals a substantially larger payout.
In one example of invoice fraud blocked and analyzed by Abnormal Security, the attacker impersonated an actual vendor used by the target organization, a telecommunications company. Over the span of two months, the person emailed several employees trying to convince someone to change banking details and redirect payment of a legitimate invoice for more than $700,000 to the attacker’s account. Though the victim took the bait, Abnormal Security was able to detect and prevent the transaction.
“While all business email compromise attacks can lead to significant financial loss, those focused on invoice and payment fraud can have an even greater financial impact,” Abnormal Security CEO and co-founder Evan Reiser said in a press release. “Even when an organization has established best-in-class security, third parties represent a weak link. As these types of attacks continue to climb, it’s more important than ever for companies to implement technology that detects and stops them.”
To guard your organization and employees against Business Email Compromise, Ken Liao, vice president of cybersecurity strategy for Abnormal Security, provides the following advice:
- Be extra careful with familiar sender names (e.g., executives or fellow employees) that originate from Gmail or other well-known general domains.
- Watch for out-of-domain impersonation techniques such as 1) swapping ‘i’ and ‘l’, 2) adding an ‘s’ to the end of a known domain (which will still look legitimate), 3) adding ‘int’ or ‘inc’ to the end of a known domain (which will still look legitimate).
- Don’t let your guard down if you receive an email with an ask that seems low risk and low consequence. Slow and measured engagement by an attacker is a common technique and can often be the early stage of an attack.