Wire Fraud Alert: Business Email Compromise (BEC) on the Rise
Kyle Macken

Fortalice Solutions has observed a substantial increase in Business Email Compromise (BEC) and wire transfer fraud attacks in recent weeks. Malicious actors are targeting organizations of all sizes and industries, bypassing email security and taking advantage of lax processes to intercept or reroute wire payments, confusing companies and their vendors or clients, and causing significant losses in revenue and reputation. Although ransomware remains a prevalent cybersecurity concern, if 2021 was the Summer of Ransomware, we have unfortunately transitioned into Wire Fraud Fall.

Business Email Compromise causes immense losses: the Federal Bureau of Investigation (FBI) reported over $1.7 billion in losses from BEC attacks in the United States alone in 2019. Some of these fraudsters are insiders privy to inside knowledge, such as employees, contractors, or companies within your supply chain. More often, they are external parties that conduct open-source intelligence (OSINT) to gather data on your organization and illegally redirect electronic transfers to their accounts.

BEC and Wire Transfer Fraud Tactics

Fraudsters typically target organizations through one or more of the following tactics:

  • Spear phishing emails – Targeted, customized emails are sent to a party involved in a pending transaction involving a funds transfer.
  • Email account hacking – Fraudsters can guess their way into the email account of a party involved and maintain undetected persistence within the environment.
  • Domain squatting, domain spoofing, or email spoofing – By using a domain name or email address that is slightly altered but still reads as authentic, a malicious actor can impersonate executives, colleagues, vendors, or other trusted contacts and request transfers or transfer adjustments.


What You Can Do

Fortalice recommends organizations update or create new procedural checklists that all entities within the organization’s payment ecosystem are required to follow for the funds transfer process. These processes should be difficult for outsiders to replicate and designed to verify transfer requests. Examples include requiring a phone or video call to verify transfers with the requestor or utilizing a domain name the organization does not publicly use. Avoid regular email; instead, relay payment information and instructions through either encrypted email or a secure portal that requires multi-factor authentication.

In addition to layering processes and validation steps, Fortalice recommends implementing technology defenses to build defense-in-depth and safeguard against wire transfer fraud. Organizations should ensure email server technologies are properly configured to minimize potential for domain and email spoofing, and that multi-factor authentication is enabled on email and domain administrator accounts. Use anti-virus software and anti-malware that can block attachments, links, and emails from unsafe senders, and mark all incoming emails with headers or banners denoting when they originate outside the organization. Block email auto forwarding for your company domains and ask any third-party vendors to follow suit, and store transaction logs and user access logs out-of-band in case they are needed.
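To illustrate the lookalike-domain tactic and the external-sender marking described above, here is an added example (not Fortalice's code) of a header triage that flags external senders, domains imitating a trusted one, and Reply-To mismatches. The domains, the confusables map, the distance threshold of 2, and the sample message are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed for this example: the org's domain, one vendor domain, a small confusables map.
INTERNAL_DOMAINS = {"example.com"}
TRUSTED_DOMAINS = INTERNAL_DOMAINS | {"vendor-example.net"}
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def skeleton(domain):
    """Collapse visually confusable characters so 'vend0r' and 'vendor' compare equal."""
    return domain.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")

def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None (threshold 2 is assumed)."""
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in sorted(TRUSTED_DOMAINS):
        if skeleton(domain) == skeleton(trusted) or edit_distance(domain, trusted) <= 2:
            return trusted
    return None

def domain_of(header_value):
    """Extract the lower-cased domain from an address header (empty string if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw_message):
    """Return the warning flags a mail gateway could turn into a banner or a hold."""
    msg = message_from_string(raw_message)
    sender, reply_to = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    flags = ["external"] if sender not in INTERNAL_DOMAINS else []
    imitated = lookalike_of(sender)
    if imitated:
        flags.append(f"lookalike:{imitated}")
    if reply_to and reply_to != sender:
        flags.append("reply-to-mismatch")
    return flags

# Constructed sample message: a payment-change request from a lookalike vendor domain.
SAMPLE = 'From: "Accounts Payable" <ap@vend0r-example.net>\n\nPlease use the new account.\n'
```

A check like this complements, but does not replace, sender authentication on the mail server: an edit-distance threshold will produce false positives on short domains and should be tuned against real mail flow.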

How Fortalice Can Help

There are immediate and proactive steps your organization can take to identify and remediate vulnerabilities that may lead to wire transfer fraud: 

  • Fortalice’s risk and compliance experts can review existing policies and procedures and advise on improvements to meet industry best practices and implement additional protections.
  • The Fortalice Offensive Cyber Operations team can perform ethical hacking attacks against funds transfer processes through Red Team Exercises designed to emulate advanced adversaries attempting to avoid organizations’ alerting and monitoring capabilities and penetrate your network.
  • Our Security Engineering team can review email services and security tooling to ensure optimal configuration and protections are in place to defend against attacks, and conduct targeted threat hunting engagements that use the latest tactics, techniques, and procedures to search for embedded attackers and indicators of compromise in the target environment.

Should your organization fall victim to Business Email Compromise or wire transfer fraud, the Fortalice Digital Forensics and Incident Response team can assist in handling the analysis, containment, eradication, and recovery from a cybersecurity incident.

For additional information on Fortalice Solutions service offerings, contact the team via email at watchmen@fortalicesolutions.com.