After uncovering audacious attempts to steal tens of millions of dollars, security experts warn of a growing threat from business email compromise (BEC) attacks that impersonate victims’ vendors and suppliers.
The email in question was sent to an escrow officer at an insurance company and CC’d the client, presumed to be a commercial real estate company. According to Abnormal Security, the email was spoofed to look as if it came from the SVP and General Counsel at one of the company’s long-term trusted partners.
The fraudulent email contained invoices and payment instructions for an alleged loan of over $36.4 million.
The attackers used fake company letterhead to add legitimacy to the scam, and tried to hide the real origin of the spoofed email by changing just one letter in the sender domain, from ‘.com’ to ‘.cam’.
“To add even more credibility, the attackers CC’d a second well-known real estate investment firm on the email, also using a newly created [.cam] domain,” Abnormal Security continued.
“The companies involved in this attack often worked together in commercial real estate, facilitating large loans, and the invoices appeared legitimate to the recipients, so at the time there was little reason to question the validity of the wire transfer request.”
However, the security firm’s AI-based technology spotted several telltale signs, beyond the spoofed sender domain, that this was indeed a BEC attempt:
- Minor discrepancies in wiring instructions, such as “reference: name” instead of “reference name”, and missing disclaimer text
- Sender and CC’d domains registered within a week of the email being sent
- A large payment request with changed payment details
- Irregular language patterns in the body of the email, indicating fraud
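As an added illustration, not code from Abnormal Security or the article, the following Python sketch applies those signals to constructed message metadata. The domain names, registration dates, message body and the $1m “large payment” threshold are assumptions; registration dates are passed in rather than looked up.

```python
import re
from datetime import date

# Constructed example: trusted partner domains that a lookalike would mimic.
TRUSTED_DOMAINS = {"trustedpartner.com", "realestatefirm.com"}

def lookalike_of(domain, trusted):
    """Return the trusted domain that differs from `domain` by exactly one
    character substitution (e.g. .com -> .cam), or None if there is none."""
    for t in trusted:
        if len(t) == len(domain) and domain != t:
            if sum(a != b for a, b in zip(domain, t)) == 1:
                return t
    return None

def domain_age_days(domain, creation_dates, today):
    """Age of the domain at send time, or None if its creation date is unknown."""
    created = creation_dates.get(domain)
    return None if created is None else (today - created).days

def score_message(msg, trusted, creation_dates, today, large_amount=1_000_000):
    """Accumulate the BEC signals from the article; returns (count, reasons)."""
    reasons = []
    for d in {msg["from_domain"], *msg.get("cc_domains", [])}:
        t = lookalike_of(d, trusted)
        if t:
            reasons.append(f"{d} is a one-character lookalike of {t}")
        age = domain_age_days(d, creation_dates, today)
        if age is not None and age <= 7:
            reasons.append(f"{d} registered {age} day(s) before the email")
    if msg.get("amount", 0) >= large_amount and msg.get("payment_details_changed"):
        reasons.append("large payment request with changed payment details")
    body = msg.get("body", "")
    if re.search(r"reference:\s*name", body, re.I):
        reasons.append("irregular wiring wording ('reference: name')")
    if "disclaimer" not in body.lower():
        reasons.append("expected disclaimer text missing")
    return len(reasons), reasons

# Constructed message metadata modelled on the case described above.
SAMPLE = {
    "from_domain": "trustedpartner.cam",
    "cc_domains": ["realestatefirm.cam"],
    "amount": 36_400_000,
    "payment_details_changed": True,
    "body": "Please wire per the attached invoice. Reference: Name ...",
}
SAMPLE_DATES = {"trustedpartner.cam": date(2023, 3, 1),   # assumed WHOIS data
                "realestatefirm.cam": date(2023, 3, 2)}

def check_sample():
    return score_message(SAMPLE, TRUSTED_DOMAINS, SAMPLE_DATES, date(2023, 3, 6))
```

In practice the per-signal weights and the action threshold would be tuned against real mail flow; here each signal simply adds one to the count.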
“The sum of these signals is suspicious enough for an email security platform to take action by detecting and remediating the attack,” the security vendor concluded.
“However, Abnormal’s customer was actually CC’d on the email rather than being the direct recipient, so it is not possible to determine whether the original recipient was protected or whether the invoice was actually paid.”
BEC lost its position as the most lucrative type of cybercrime last year, but only dropped to second place, with cybercriminals making more than $2.7 billion from these scams in 2022. Given that this is just the amount reported to the FBI, the real figure is likely many times higher.