Fortalice Solutions has observed a substantial increase in Business Email Compromise (BEC) and wire transfer fraud attacks in recent weeks. Malicious actors are targeting organizations of all sizes and industries, bypassing email security and taking advantage of lax processes to intercept or reroute wire payments, confusing companies and their vendors or clients, and causing significant losses in revenue and reputation. Although ransomware remains a prevalent cybersecurity concern, if 2021 was the Summer of Ransomware, we have unfortunately transitioned into Wire Fraud Fall.
Business Email Compromise causes immense losses: the Federal Bureau of Investigation (FBI) reported over $1.7 billion in losses from BEC attacks in the United States alone in 2019. These fraudsters can be insiders privy to inside knowledge, such as employees, contractors, or companies within your supply chain. More often, they are external parties that conduct open-source intelligence (OSINT) to gather data on your organization and illegally redirect electronic transfers to their accounts.
BEC and Wire Transfer Fraud Tactics
Fraudsters typically target organizations through one or more of the following tactics:
What You Can Do
Fortalice recommends that organizations update or create procedural checklists that all entities within the organization’s payment ecosystem are required to follow for the funds transfer process. These processes should be difficult for outsiders to replicate and designed to verify transfer requests. Examples include requiring a phone or video call to verify transfers with the requestor or utilizing a domain name the organization does not publicly use. Avoid regular email; instead, relay payment information and instructions through either encrypted email or a secure portal that requires multi-factor authentication.
In addition to layering processes and validation steps, Fortalice recommends implementing technology defenses to build defense-in-depth and safeguard against wire transfer fraud. Organizations should ensure email server technologies are properly configured to minimize the potential for domain and email spoofing, and that multi-factor authentication is enabled on email and domain administrator accounts. Use anti-virus and anti-malware software that can block attachments, links, and emails from unsafe senders, and mark all incoming emails with headers or banners denoting when they originate outside the organization. Block email auto-forwarding for your company domains and ask any third-party vendors to follow suit, and store transaction logs and user access logs out-of-band in case they are needed.
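The external-sender marking and spoofing check recommended above can be illustrated as follows. This is an added example, not Fortalice's tooling: the internal domain `example.com`, the gateway identifier `mx.example.com`, the `X-External-Sender` header name, and the sample messages are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example.com"}    # assumption: the organization's mail domain(s)
TRUSTED_AUTHSERV = "mx.example.com"   # assumption: authserv-id stamped by our own gateway
BANNER_HEADER = "X-External-Sender"   # hypothetical header name chosen for this example

# Constructed sample messages (not real traffic).
SAMPLES = {
    "vendor": "From: Billing <ap@vendor.example.net>\n"
              "Authentication-Results: mx.example.com; dmarc=pass\nSubject: Invoice 1001\n\nbody\n",
    "spoof": "From: CFO <cfo@example.com>\nAuthentication-Results: attacker.invalid; dmarc=pass\n"
             "Authentication-Results: mx.example.com; dmarc=fail\nSubject: Urgent wire\n\nbody\n",
    "staff": "From: CFO <cfo@example.com>\n"
             "Authentication-Results: mx.example.com; dmarc=pass\nSubject: Lunch\n\nbody\n",
}

def dmarc_verdict(msg):
    """Return the dmarc= result from our gateway's Authentication-Results header only.
    Headers carrying any other authserv-id may be sender-forged and are ignored."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue
        match = re.search(r"\bdmarc=(\w+)", results, re.I)
        if match:
            return match.group(1).lower()
    return "none"

def classify(raw):
    """Classify a raw message and tag anything that is not verified internal mail."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower() if "@" in addr else ""
    if domain in INTERNAL_DOMAINS:
        # Claims to be one of us: only a DMARC pass from our gateway is believed.
        verdict = "internal" if dmarc_verdict(msg) == "pass" else "spoofed-internal"
    else:
        verdict = "external"
    if verdict != "internal":
        msg[BANNER_HEADER] = verdict
        subject = msg.get("Subject", "")
        del msg["Subject"]
        msg["Subject"] = "[EXTERNAL] " + subject
    return verdict, msg

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        verdict, tagged = classify(raw)
        print(name, verdict, repr(tagged["Subject"]))
```

In production this logic belongs in the mail gateway, which should also strip inbound `Authentication-Results` headers that reuse its own identifier before adding its own.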
How Fortalice Can Help
There are immediate and proactive steps your organization can take to identify and remediate vulnerabilities that may lead to wire transfer fraud:
Should your organization fall victim to Business Email Compromise or wire transfer fraud, the Fortalice Digital Forensics and Incident Response team can assist in handling the analysis, containment, eradication, and recovery from a cybersecurity incident.
For additional information on Fortalice Solutions service offerings, contact the team via email at firstname.lastname@example.org.