New Attack Vector Outlined in the FBI’s Business Email Compromise Warning

June 29, 2016

The FBI has issued a stark warning about a rapidly growing and downright brazen email attack technique: simply asking employees for your critical data. Mimecast is urging organizations to think broadly and extend email security training to all employees, not just the finance team.

Business Email Compromise (BEC), also known as whaling or CEO fraud, traditionally involves tricking members of the finance team into making payments to cybercriminals. While these attacks are still taking scalps, attackers are already evolving their tactics to target other members of your organization. Finance teams are getting wiser, but many other departments have access to valuable data. HR, R&D, sales: anyone is potentially a target.

This new Public Service Announcement (PSA) reports a 1,300% increase in identified exposed losses from these attacks since January 2015. Since October 2013, attackers have attempted to steal $3.1 billion (£2.2 billion) across 22,000 separate cases, the majority involving attempted wire transfers to banks in China and Hong Kong. Not every attempt succeeded, but the FBI said about one in four of the US victims did send money.

The PSA detailed the new scenario (Data Theft) involving ‘the receipt of fraudulent emails requesting either all Wage or Tax Statement (W-2) forms or a company list of Personally Identifiable Information (PII). This scenario does not always involve the request for a wire transfer; however, the business executive’s email is compromised, either spoofed or hacked’.

The data-focused attacks also create a great deal of uncertainty around any potential cyber insurance coverage. Mimecast research recently found that just 43% of firms with cyber insurance are confident that their policies would pay out for losses from a fraudulent transfer triggered by a whaling attack. Putting a value on lost IP or data can be almost impossible, which makes a data-theft claim even harder to assess.

Mimecast launched a new service in April designed to help stop these social-engineering attacks. The service, Impersonation Protect, is part of Mimecast Targeted Threat Protection; I explain how some of it works in the previous post. Technology plays an important role, but it must be coupled with user awareness and robust processes.

To that end, Mimecast's email security experts have put together the following guidelines to help you start planning today:

  • Conduct a review of which employees have access to valuable IP and data across the organization
  • Educate senior management, key staff and employees on this specific type of attack – make sure they know how it works and are extra vigilant
  • Review data protection procedures and consider revising how data transfers to external third parties are authorized
  • Update data loss prevention (DLP) keywords (for example, W-2, PII and bulk employee lists) to identify and halt unwarranted data transfers
  • Consider inbound email stationery that marks emails originating outside the corporate network, so an employee can see at a glance that a message "from the CEO" did not come from the corporate domain
  • Subscribe to domain name registration alerting services so you are alerted when domains are registered that closely resemble your corporate domain
  • Look into solutions specifically designed to extend email security to guard against targeted threats in email, including whaling attacks
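The following is an added example, not Mimecast code, of how the DLP-keyword, external-origin marking and lookalike-domain points above can be combined into one inbound policy check. It assumes a corporate domain of example.com, one executive (Jane Doe) whose display name attackers might borrow, and a keyword list covering the W-2 and PII requests the PSA describes; the sample messages are constructed for the example.

```python
"""Heuristic inbound checks for BEC-style data-request emails.

Added example (not Mimecast code). Models three of the guidelines above:
  - mark mail that originated outside the corporate domain,
  - DLP-style keywords for W-2 / PII requests,
  - detection of sender or Reply-To domains that look like the corporate one.
Domain, executive list and keywords are assumptions for the example.
"""
import email
from email import policy
from email.utils import parseaddr

CORPORATE_DOMAIN = "example.com"                        # assumed corporate domain
EXECUTIVES = {"jane doe": "jane.doe@example.com"}        # assumed display name -> real mailbox
DATA_REQUEST_KEYWORDS = ("w-2", "w2", "wage and tax statement",
                         "personally identifiable", "employee list", "social security")
SUSPICIOUS = {"executive_display_name_mismatch", "lookalike_sender_domain",
              "reply_to_divergence", "lookalike_reply_domain"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch one-character lookalikes such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(domain: str, corporate: str = CORPORATE_DOMAIN, max_distance: int = 2) -> bool:
    """True if domain is close to, or embeds, the corporate domain without being it."""
    if domain == corporate:
        return False
    return levenshtein(domain, corporate) <= max_distance or corporate.split(".")[0] in domain


def analyse(raw: bytes) -> dict:
    """Parse one RFC 5322 message and return the flags raised and a verdict."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    from_domain = addr.rpartition("@")[2].lower()
    _, reply = parseaddr(str(msg.get("Reply-To", "")))
    reply_domain = reply.rpartition("@")[2].lower() if reply else from_domain
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content().lower() if part else ""

    flags = []
    external = from_domain != CORPORATE_DOMAIN
    if external:
        flags.append("external_origin")          # what an "external" banner would mark
    exec_mailbox = EXECUTIVES.get(display.strip().lower())
    if exec_mailbox and addr.lower() != exec_mailbox:
        flags.append("executive_display_name_mismatch")
    if lookalike(from_domain):
        flags.append("lookalike_sender_domain")
    if reply_domain != from_domain:
        flags.append("reply_to_divergence")      # spoofed From, replies go elsewhere
        if lookalike(reply_domain):
            flags.append("lookalike_reply_domain")
    hits = [k for k in DATA_REQUEST_KEYWORDS if k in body]
    if hits:
        flags.append("data_request_keywords")    # DLP-style keyword match

    if hits and (external or SUSPICIOUS & set(flags)):
        verdict = "quarantine"
    elif external:
        verdict = "banner"
    else:
        verdict = "deliver"
    return {"flags": flags, "keywords": hits, "verdict": verdict}


# Constructed sample messages (not real captures).
SAMPLE_W2_LOOKALIKE = b"""From: Jane Doe <jane.doe@examp1e.com>
Reply-To: jane.doe@examp1e.com
To: payroll@example.com
Subject: W-2 forms
Content-Type: text/plain; charset=utf-8

Hi, I need the W-2 forms for all employees for 2015 sent to me as a PDF today. Thanks, Jane
"""
SAMPLE_SPOOFED_REPLY_TO = b"""From: Jane Doe <jane.doe@example.com>
Reply-To: Jane Doe <ceo.janedoe@mail-example.net>
To: hr@example.com
Subject: Urgent
Content-Type: text/plain; charset=utf-8

Please send the full employee list with social security numbers and home addresses as soon as possible.
"""
SAMPLE_INTERNAL = b"""From: Bob Smith <bob@example.com>
To: alice@example.com
Subject: Lunch
Content-Type: text/plain; charset=utf-8

Lunch at noon?
"""
SAMPLE_EXTERNAL_BENIGN = b"""From: Accounts <billing@partner.org>
To: ap@example.com
Subject: Invoice
Content-Type: text/plain; charset=utf-8

Invoice attached, due in 30 days.
"""

if __name__ == "__main__":
    for name, raw in [("lookalike W-2 request", SAMPLE_W2_LOOKALIKE),
                      ("spoofed From, divergent Reply-To", SAMPLE_SPOOFED_REPLY_TO),
                      ("internal", SAMPLE_INTERNAL), ("external benign", SAMPLE_EXTERNAL_BENIGN)]:
        print(name, analyse(raw))
```

The two fraudulent samples show the two compromise modes the PSA names: a lookalike sender domain (spoofed), and an exact corporate From address with a divergent Reply-To, which is what a reader sees when the executive's mailbox is hacked or the From header is forged. A real deployment would also consult SPF/DKIM/DMARC results rather than trusting the From header alone; the keyword list is deliberately coarse and should be tuned against your own DLP policy.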

We’ll continue to monitor how these threats evolve, and we would also love to hear from you if you spot a new attack in the wild. Get in touch with your local Mimecast representatives if you would like to learn more about how to protect your organization from these email security threats.
