Business Email Crime scam is on the rise – 400 businesses hit every day

 

Imagine: You return from holiday to discover that your accounts team have wired hundreds of thousands of pounds of company funds to a stranger. What’s more shocking is that it was supposedly at your request. This email scam is trending – CEO fraud, or Business Email Compromise (BEC). Over $3 billion has been lost over the past three years, with over 22,000 victims across the globe.

How the scam works

Attackers spoof the email address of CEOs or directors, then send messages to the company’s finance department posing as the CEO, tricking staff into wiring money. The fraud usually begins with phishing emails, both to gain access to inboxes and to check whether an out-of-office reply is received. Scammers use out-of-office replies and social media to determine whether their target is absent. Each attack is well researched and targeted specifically at that company, so it is important to be aware that this scam is around and gaining momentum.

Who is targeted

Small and medium-sized businesses are the most targeted by scammers. However, while nearly 40% of victims identify as small to medium businesses, larger corporations have been equally affected. Earlier this year the CEO of an Austrian aerospace parts manufacturer was fired after the company lost 42 million euros to a BEC attack. The fraudsters posed as the CEO in order to transfer money to an account for a fake ‘acquisition’. Scammers often focus on companies that work with international suppliers, where transferring or wiring money to international accounts is not out of the ordinary.

For many companies such a request may not seem unusual, which is one reason BEC scammers have had so much success. Likewise, during a busy workday an emailed request may be plausible enough to fly under the radar. Scammers follow a working day, sending emails when you would expect to receive them – during business hours, and avoiding lunchtime. It is important to stay wary, even in the daily commotion of an office where urgent tasks and distractions can cause security to become lax.

How to stay safe

Hackers cleverly disguise their scams, so it is important to be aware of the common signs of phishing emails. Here are a few telling signs to look out for, along with advice on how to safeguard your company. Our blog post with ITVET’s tips for spotting phishing emails covers more of them.

BEC scam statistics

1. The subject line
‘Request’ is the most commonly used subject line, followed by other single words such as payment, urgent or transfer. These are hard to filter because such simple, mundane subject lines do not arouse suspicion.

2. The email address
Occasionally, the scammer’s email address may at first glance appear to be from your director. On closer inspection you might notice that the domain is off by one letter, e.g. [email protected]. Scammers are aware that during a busy day such small, sly changes could go unnoticed.

3. Education
Make sure your accounts team are aware of this thriving scam, and reinforce the importance of acting cautiously around financial transactions.

4. Communication
When it comes to protecting your company from a scam, communication is key. Cross-checking financial requests, or a form of two-factor authentication for them, is important, ideally through multiple modes of communication. Verify significant transactions verbally or in person, especially if the request seems out of the ordinary.
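The “off by one letter” domain check from sign 2 above can be automated at the mail gateway. The following is an added example, not code from ITVET or from the post: it compares the sender’s domain against a constructed list of trusted domains using edit distance, plus a few common letter/digit swaps (rn for m, 0 for o, 1 for l). Domain names and addresses are placeholders.

```python
from email.utils import parseaddr

# Constructed list of the domains your directors and known suppliers send from.
TRUSTED_DOMAINS = {"example-company.co.uk", "trusted-supplier.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(from_header: str) -> str:
    """Pull the domain out of a From: header such as 'Jane Doe <jane@host>'."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def check_sender(from_header: str) -> str:
    """Return 'trusted', 'lookalike' or 'external' for the sender's domain."""
    domain = sender_domain(from_header)
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    # Swap the look-alike sequences scammers rely on before comparing.
    normalised = domain.replace("rn", "m").replace("0", "o").replace("1", "l")
    for good in TRUSTED_DOMAINS:
        # One letter added, dropped or changed is the classic typo-squat.
        if edit_distance(domain, good) <= 1 or normalised == good:
            return "lookalike"
    return "external"
```

A 'lookalike' verdict is a reason to tag or hold the message for the accounts team, not proof of fraud on its own.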

To discuss your email security contact our team on 01279 464 470 or email [email protected]


Trends You Need to Know About Fraudulent Emails


We are all aware of the potential for spam and phishing emails to hammer our inboxes on a daily basis. This is why it’s prudent to protect your network with a hosted email filtering service, such as Trend Micro. However, even with the best email filtering service in place, some spurious emails will most likely still make it to your inbox. This is mainly because the criminals who send such emails are employing ever sneakier ways to fool their victims.

Although there are hundreds, if not thousands, of different types of dodgy emails being sent round, two particular types merit immediate action to protect your data and your bank balance. These two types of email have taken things to the next level in terms of how far these crooks will go to part you or your company from your cash or data.

Urgent Request from the MD to make a bank transfer

An email arrives from your MD, or another senior person who can authorise payments. It instructs you to make an urgent payment to the company detailed in the email. The MD will usually be out of the country or away when this email arrives. The crooks know this because they have most likely sent a phishing email and received an out-of-office response with the recipient’s job title. They then do some research on your company and establish the hierarchy and who would deal with bank payments. The crooks edit the “From” field of the email so it does indeed look like the MD’s email address, and usually use a signature such as “sent from my mobile”.

We are aware that globally this type of email con has managed to trick some pretty large companies out of significant amounts of cash. In one instance a US company transferred a six-figure sum to the fraudster’s bank account. This may seem incredible, but remember that these crooks have done their homework on their victim’s company. They probably know the turnover of the company and possibly some of its clients or suppliers. They have even been known to hack their way into the company’s email system and obtain its contact database. This means that when they send the request for payment, the payee name may even be that of one of the company’s clients or suppliers, just with a different account number and sort code.

So what can be done to try and prevent this type of targeted attack?

In terms of preventing this type of email arriving, it is actually quite hard as they look like genuine emails. However, there are a number of measures that can be taken to protect your company.

1. Make it company policy never to make bank transfers on the strength of a single email, even if it is from the MD. Do not reply to the email. Use an alternative contact method, such as a text or phone call, to confirm the payment request. Admittedly this is more about the company’s internal payment process than the email system, but it is an effective way to prevent this type of fraud.

2. If your company has a hosted email filtering service, implement a policy that detects any email containing the words “Sort Code”, as this is pretty much a unique term relating to banking. The email can be tagged in the header with a message of your choice, such as “Warning potential phishing email”. The warning should alert the recipient to the potential risks. It is also possible to quarantine emails containing these trigger words, although this may cause disruption to your accounts department: if a number of genuine emails containing these phrases are received, they will need to be released from the quarantine.

CryptoLocker ransomware in older Office documents (Word, Excel etc.)

This type of threat has been doing the rounds for some time, but we are now seeing a huge increase in its frequency. These emails carry titles deliberately chosen to lure you into opening the attachments, with subjects such as “Invoice for service” or “Your Order Receipt”.

Opening the attachment will usually run an application that encrypts your data, not just on your PC but on any network drive you have access to. Once all of your data has been encrypted, a message from the hackers will appear on your screen advising you that your data has “been secured” for you. If you would like access to the data, they will decrypt it for a sum of money that must be paid in Bitcoin. The amounts demanded vary around $500 but can be as much as $5000.

Unfortunately, once your data has been encrypted there is no way to decrypt it without the decryption key, which only the crooks hold. You will have to restore your data from the most recent backup, which is not ideal to say the least.

So what can you do to protect yourself from this type of threat?

So far these attacks only use old-style Office documents, such as .doc/.xls. If you have a hosted email filtering service, it would be very easy to quarantine all old-style Office documents. However, with so many companies still using these old document formats, quite a lot of genuine emails might be caught in the spam filter and need to be released.

Alternatively, emails containing attachments in old document formats could be tagged in the message title with a warning to alert the recipient to the potential danger of opening the attachment.
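Both filter policies above (tag on the “Sort Code” trigger words, quarantine or tag old-style Office attachments) can be expressed as one rule over a parsed message. This is an added example using the Python standard library, not ITVET’s filtering configuration or a Trend Micro rule; the sample message it builds is constructed, with placeholder addresses, and quarantine is chosen for legacy attachments while trigger words only tag the subject.

```python
import email
from email import policy
from email.message import EmailMessage

LEGACY_OFFICE = (".doc", ".xls", ".ppt")   # old binary Office formats singled out above
TRIGGER_WORDS = ("sort code",)             # banking-specific phrase used as the trigger
WARNING_TAG = "[Warning potential phishing email]"


def classify(msg: EmailMessage):
    """Return (action, reasons): 'quarantine', 'tag' or 'deliver' plus why."""
    reasons = []
    body = msg.get_body(preferencelist=("plain", "html"))
    text = ((msg["Subject"] or "") + " " + (body.get_content() if body else "")).lower()
    for word in TRIGGER_WORDS:
        if word in text:
            reasons.append(f"contains '{word}'")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(LEGACY_OFFICE):
            reasons.append(f"legacy Office attachment {name}")
    # Legacy Office attachments go to quarantine; trigger words only tag the subject.
    if any(r.startswith("legacy") for r in reasons):
        return "quarantine", reasons
    return ("tag" if reasons else "deliver"), reasons


def apply_policy(raw: str):
    """Parse a raw RFC 5322 message, apply the policy, return (action, final subject)."""
    msg = email.message_from_string(raw, policy=policy.default)
    action, _ = classify(msg)
    if action == "tag":
        subject = msg["Subject"] or ""
        del msg["Subject"]
        msg["Subject"] = f"{WARNING_TAG} {subject}".strip()
    return action, msg["Subject"]


def build_sample(subject: str, body: str, attachment=None) -> str:
    """Constructed test message (not a captured email), returned as raw text."""
    m = EmailMessage()
    m["From"] = "md@example-company.co.uk"      # placeholder addresses
    m["To"] = "accounts@example-company.co.uk"
    m["Subject"] = subject
    m.set_content(body)
    if attachment:   # a few bytes standing in for an old-style binary Office file
        m.add_attachment(b"\xd0\xcf\x11\xe0", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()
```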

The most obvious and easiest form of protection is not to open any attachment unless you are expecting it and it has been sent by the correct person or company. However, in the heat of the day in a busy office, it is very easy to open an attachment by accident. If you believe you may have opened an infected attachment, speed is of the essence. Steps to follow:

1. Unplug the network lead from the back of your PC, or shut down as soon as possible

2. Call the IT support provider

The above outlines just two of the many thousands of online threats, which are growing rapidly by the day. If you would like to discuss any of the above, or have any other questions, please contact us at [email protected] or call 01279 464 470.


How To Spot Scam Emails, Five Top Tips


Recently at ITVET, we received an email stating that we were eligible for a refund on our tax disc and should follow a link to the Direct Gov website to fill in an application form to receive this refund. This is not genuine; if you have received a similar email, do not click the link provided.

This particular email was quite convincing, so we have provided a few tell-tale signs that an email may be a scam. Scammers are constantly devising new ways to trick you into giving away valuable information, and it is sometimes hard not to get caught out. It is not always easy to spot a phishing email, but here are a few tips on what to look for.

1. Always be suspicious if an email asks for personal information.
Even if an email appears official, you should be wary if you are being asked for bank details, passwords or credit card information. In a recent scam email we received, we were asked to send our credit card details by fax – it is unlikely that your bank would ever ask you to send them your passwords or account number, so always act with caution.

2. Check the spelling and grammar of the email.
If you glance over an email it may appear official with company logos and pictures, but on closer inspection you will often spot obvious spelling mistakes and questionable grammar.

3. Check any links included in the email.
Check the link carefully: it may seem genuine or valid at first, but often the link displayed does not match where you will be redirected if you click on it. If you hover over a link in the email you will be able to see where the hyperlinked address will actually take you. The tax disc email we received showed a link to direct.gov.uk, but hovering over this link shows a website registered in South Africa. To be safe, do not click on any suspicious links and do not open any attachments that you are not expecting.


4. Check the sender’s email address.
We recently received a batch of emails from a scammer posing as 123reg, and they were sent from [email protected]. Even if the email address does contain the name of a company or your bank, there will often be something slightly shifty about it too, such as the inclusion of numbers.

5. Something just feels wrong
Often, if something seems suspicious or not right, you can trust your instinct. For example, if you receive an email saying that you have won the lottery and you haven’t bought a ticket, it is quite clear that someone is trying to trick you into giving away your bank information. This may be an extreme example, but if you read through an email and you are uncertain whether the information is genuine, then it most likely isn’t.
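The “hover over the link” check in tip 3 compares the site named in the link text with the host the href really points to, and that comparison can be run over an HTML email body before anyone hovers. This is an added example, not code from ITVET or the post; the sample HTML is constructed, and the South African domain in it is a placeholder, not the address from the real tax disc email.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Matches something that looks like a domain name inside the visible link text.
DOMAIN_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

# Constructed HTML body: one deceptive link, one genuine link, one with no domain in its text.
SAMPLE_HTML = """
<p>Claim your refund at <a href="http://direct.gov.uk.refund-example.co.za/form">direct.gov.uk</a></p>
<p>Official site: <a href="https://www.direct.gov.uk/">direct.gov.uk</a></p>
<p><a href="https://example.com/help">click here</a> for help</p>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML email body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url: str) -> str:
    """Lower-cased host of a URL or bare domain, with a leading 'www.' stripped."""
    parsed = urlparse(url if "://" in url else "http://" + url)
    host = (parsed.hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def mismatched_links(html: str) -> list:
    """Return (shown_host, real_host) pairs where the text names one site but the href goes elsewhere."""
    collector = LinkCollector()
    collector.feed(html)
    found = []
    for href, text in collector.links:
        shown = DOMAIN_RE.search(text)
        if not shown:
            continue  # text such as 'click here' names no site, so nothing to compare
        shown_host, real_host = host_of(shown.group(1)), host_of(href)
        # A sub-domain of the named site is fine; anything else is a mismatch.
        if real_host and real_host != shown_host and not real_host.endswith("." + shown_host):
            found.append((shown_host, real_host))
    return found
```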

For any enquiries please contact us at [email protected] or on 01279 464470.