
Business Email Compromise (BEC) & Wire Fraud

Written by Byron Martin | Oct 10, 2020

Also known as CEO Fraud. Listen to CEO Byron Martin explain how hackers can get access to your email and what to be aware of. This is a billion-dollar enterprise; the more you know, the more you can protect yourself from becoming a victim.


How the Business Email Compromise (BEC) Scam Works

Byron Martin: Let me just run down the steps again real quick. So, one is they figure out who you are. They do their research.

Second, they send a phishing email or spear phishing, to try and trap somebody to click around something. Okay, that's step two.

Once they've done that, they'll sit and wait. They watch, they look at email conversations, they look for the perfect opportunity to misdirect a wire transfer.

And fourth, they divert inbound emails to somewhere else. An account or mailbox they control.

Fifth, they create a fake domain, a fake email address that almost looks just like yours, and that looks so legit. One character off, or one variance, one difference. And then they start emailing.

 

Exchange of Information

So six, then they start, they take those email look-alikes, and then they start emailing your accounts, your bankers or whoever it is that you're looking at doing those wire transfers from and they essentially take over the email thread, you're out of the equation.

Now that they're using their fake domain, it's not even hitting your mail system, not even hitting your email inbox. It's gone, you're out of the equation.

Seven, they continue to reroute inbound emails, they isolate any legit communication, so you're not even in there, you're not seeing it. But I've also seen it too where they act in the middle, and they will email you and they will reply or things like that. They're pretty crazy.

So I mean, you might even feel like you're communicating, but they'll intercept that email and then when they send it on to the account and banker, whatever it is, or a vendor, or the customer, whoever it is. They'll even intercept it, so you still feel like you're having a conversation with your customer, but you're not.

 

Wire Transfer

And then eight, you know it's right there at the end, once they have the information, once they've gotten everything teed up, they misdirect the wire transfer or the banking information, and bam, it's gone, you know, the money's out. So that's kind of the rundown of the steps.

It's important for you to know, for me to know, and understand it, so we know their tactics so we can recognize it. And that's my hope, is that we take this opportunity to recognize it. And we watch out for it, we train our people for it, especially those that handle money. And really anybody in the organization needs to understand to be on the lookout for phishing attempts. People that control money obviously need to be on high alert. And a lot of people are doing some really good things, and they're working really hard. It's just unfortunate that people are getting hit, and people are getting hit wholly.

We want to avoid that. We don't want that, especially right now they're trying to take advantage of the situations and mimicking emails that may be COVID related or relief related. So, keep an eye out, make sure it doesn't happen to you.

Image source courtesy of the FBI

Have you Implemented a Cyber Security Awareness Training Program Yet?

My name is Byron Martin, CEO of Teknologize.

I've got some great recommendations for some Cyber Security Awareness Training for users. There's a good company that I use, it's called KnowBe4. I love them, they're great. They've got the full package, phishing tests, online training, and it's good, it's not boring training. It's actually pretty entertaining. And I watch it for fun.

To wrap it up here. Those are the steps, please be careful and know that the threats are real and that we're prime targets.

So, signing off, for now, Byron Martin again, and if you have any questions please feel free to email me byronm@teknologize.com or you can direct message me on social media, Facebook, LinkedIn, Twitter, whatever you want. Happy to chat, happy to respond, to answer any questions. Whatever I can do to help out our community.

So have a good night. Take it easy and thank you.
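The look-alike sender domain from step five ("one character off") is something mail filtering or finance tooling can check for before anyone acts on new wire instructions. This is an added example, not part of the talk or of Teknologize's material: it flags From domains within one edit or one visual substitution of a trusted domain. The trusted domain, function names and sample addresses are constructed assumptions.

```python
import unicodedata
from email.utils import parseaddr

# Assumption: the domains you really exchange payment instructions with.
TRUSTED = frozenset({"example-corp.com"})

def sender_domain(from_header):
    """Extract the lower-cased domain from a From header value."""
    return parseaddr(from_header)[1].rpartition("@")[2].lower()

def skeleton(domain):
    """Fold common visual substitutions so 'rn' reads as 'm', '0' as 'o', etc."""
    s = unicodedata.normalize("NFKC", domain).lower()
    for fake, real in (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")):
        s = s.replace(fake, real)
    return s

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def classify(from_header, trusted=TRUSTED):
    """Return ('trusted'|'lookalike'|'unknown', matched trusted domain or None)."""
    dom = sender_domain(from_header)
    if dom in trusted:
        return "trusted", dom
    for good in sorted(trusted):
        if skeleton(dom) == skeleton(good) or osa_distance(dom, good) <= 1:
            return "lookalike", good
    return "unknown", None

if __name__ == "__main__":
    # Constructed sample From headers, not taken from a real incident.
    for hdr in ("Jane Doe <jane@example-corp.com>", "Jane Doe <jane@exarnple-corp.com>",
                "Jane Doe <jane@exmaple-corp.com>", "Jane Doe <jane@example-c0rp.com>",
                "billing@unrelated.org"):
        print(f"{hdr:40} -> {classify(hdr)}")
```

A "lookalike" result on a thread that mentions payment details is the cue to confirm the request by phone using a number you already have on file.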

 

If you’re looking to implement a Security Awareness Training program for your organization, call 509-396-6640 or contact us for more information.

 

Teknologize is a Managed Service Provider with offices located in the Tri-Cities and Yakima, Washington 509.396.6640 and Bend, Oregon 541.848.6072.