FBI Warns of Cloud-Based Attacks Costing Companies $2 Billion
The U.S. Federal Bureau of Investigation has released a statement warning organisations of the risk of cloud-based business email compromise (BEC) scams, which are becoming increasingly prevalent in 2020.
The FBI estimates that this is costing US businesses alone $2 billion, as scammers increase the frequency and sophistication of their attacks and net ever larger sums from these manipulations.
A business email compromise or BEC scam is, according to the FBI’s statement, “a sophisticated scam targeting businesses that perform electronic payments such as wire or automated clearing house transfers. The scam is frequently carried out when a subject compromises legitimate business email accounts through social engineering or computer intrusion techniques resulting in an unauthorized transfer of funds.”
FBI data shows that between January 2014 and October 2019, the Internet Crime Complaint Center (IC3) received complaints about BEC scams involving the two most popular cloud-based email services that amounted to $2.1 billion in losses. The rate of these scams has been increasing year after year across 177 countries, with few organisations immune to the damage.
The statement reads that one of the most effective types of BEC scam is initiated with a simple phishing campaign designed to steal email accounts and other personal details. “Cyber criminals use phishing kits that impersonate popular cloud-based email services. Many phishing kits identify the email service associated with each set of compromised credentials, allowing the cyber criminal to target victims using cloud-based services.” The FBI writes that “upon compromising victim email accounts, cyber criminals analyse the content of compromised email accounts for evidence of financial transactions. Often, the actors configure mailbox rules of a compromised account to delete key messages. They may also enable automatic forwarding to an outside email account.”
Using the information gathered from compromised accounts, the cyber criminals then impersonate a legitimate client of that business, and request any pending or future payments to be redirected to an account not associated with that business, but of the cyber criminals themselves. “As a result, a successful email account compromise at one business can pivot to multiple victims within an industry,” the FBI writes.
“Depending on the provider, cloud-based email services may provide security features such as advanced phishing protection and multi-factor authentication that are either not enabled by default or are only available at an additional cost.”
The FBI also provided a list of recommendations for end-users, including enabling multi-factor authentication for email accounts, verifying all payment changes and transactions in person or via a known telephone number, as well as educating your staff members about BEC scams, including preventative strategies such as how to identify phishing emails and how to respond to a suspected compromise.
For IT administrators working for a business, the FBI recommends prohibiting automatic forwarding of email to external addresses, adding an email banner to messages from outside your organisation, maintaining a log of changes to mailbox login and settings for at least three months, enabling alerts for suspicious activity, blocking malicious email content with anti-phishing and anti-spoofing policies and software, and disabling email protocols that can circumvent multi-factor authentication.
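The mailbox-rule and auto-forwarding tactics quoted above, together with the logging and alerting recommendations for administrators, can be turned into a simple review of mailbox change events. The following is an added example, not part of the FBI statement or this article; the event format, field names, domain list and sample records are constructed for illustration and do not follow any provider's real audit schema.

```python
# Constructed mailbox-audit events in a hypothetical, simplified shape:
# each record says who changed a mailbox setting and what the change was.
SAMPLE_EVENTS = [
    {"ts": "2020-04-01T08:02:11Z", "user": "ap.clerk@example.com",
     "op": "inbox_rule_created",
     "rule": {"name": ".", "subject_contains": ["Invoice", "wire transfer"],
              "delete": True}},
    {"ts": "2020-04-01T08:03:40Z", "user": "ap.clerk@example.com",
     "op": "forwarding_set", "forward_to": "ap.clerk.backup@mail-example.net"},
    {"ts": "2020-04-01T09:15:00Z", "user": "cfo@example.com",
     "op": "inbox_rule_created",
     "rule": {"name": "Newsletters", "subject_contains": ["newsletter"],
              "move_to": "Archive", "delete": False}},
    {"ts": "2020-04-01T10:20:05Z", "user": "hr@example.com",
     "op": "forwarding_set", "forward_to": "hr-shared@example.com"},
]

INTERNAL_DOMAINS = {"example.com"}          # assumed: the organisation's own domains
FINANCE_TERMS = {"invoice", "wire", "payment", "bank", "remit"}
HIDING_FOLDERS = {"deleted items", "junk", "rss feeds"}


def is_external(address):
    """True when the address is outside the organisation's own domains."""
    return address.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS


def review_event(event):
    """Return finding strings for one audit event; empty list if benign."""
    findings = []
    user = event["user"]
    if event["op"] == "inbox_rule_created":
        rule = event["rule"]
        terms = [t.lower() for t in rule.get("subject_contains", [])]
        # A rule that deletes or buries finance-related mail matches the
        # "delete key messages" behaviour described in the FBI statement.
        hides = rule.get("delete") or rule.get("move_to", "").lower() in HIDING_FOLDERS
        if hides and any(k in t for t in terms for k in FINANCE_TERMS):
            findings.append(f"{user}: rule '{rule['name']}' hides finance-related mail")
        fwd = rule.get("forward_to")
        if fwd and is_external(fwd):
            findings.append(f"{user}: rule '{rule['name']}' forwards to external {fwd}")
    elif event["op"] == "forwarding_set" and is_external(event["forward_to"]):
        findings.append(f"{user}: mailbox forwarding set to external {event['forward_to']}")
    return findings


def review_log(events):
    """Run every event through review_event and flatten the findings."""
    return [f for e in events for f in review_event(e)]
```

Both findings on the sample data point at the same account within two minutes, which is the pattern an alert on mailbox setting changes is meant to surface.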