New, Improved BEC Campaigns Target HR and Finance

Business email compromise (BEC) campaigns have been targeting HR and Finance representatives to alter direct-deposit routings and transfer funds to a throwaway criminal account. BEC attacks are cheap for attackers to run and can yield rapid and lucrative results. The latest trend in BEC attempts is for the attacker to spoof an email from a high-level employee and convince a lower-level employee to transfer the funds. Spoofing a senior account makes the request seem authentic and urgent because it appears to come from an authoritative employee. This type of attack can be considered a form of social engineering, with success depending on the behavior of the victim. Protection from these attacks requires the organization to have proper policies and technology. It can be summed up with, "If it's possible for someone to request a check to be cut for $5 Million to someone not in the system, you've got a problem," says Phil Reitinger, President and CEO of Global Cyber Alliance.

Relevant URL(s): https://www.darkreading.com/attacks-breaches/new-improved-bec-campaigns-target-hr-and-finance/d/d-id/1334343