"In some instances, actors have auto-forwarded e-mails received by the victim to an e-mail account under their control," the alert explains. "This reconnaissance stage lasts until the actor feels comfortable enough to send wire transfer instructions using either the victim’s e-mail or a spoofed e-mail account that is controlled by the actor. The difference in the spoofed e-mail account is very subtle and can easily be mistaken for the legitimate business e-mail address."

The FS-ISAC alert also warns that attackers in some instances will wait until the target executive is on vacation, which makes it more likely that they would conduct official business via email rather than approach an employee in person before sending them wire transfer instructions.

To mitigate the threat of BEC scams, it is recommended that businesses always confirm changes in vendor payment authorization via phone, maintain a non-electronic record of vendor contact information, and limit the number of employees who are able to authorize wire transfers.

For more information on BEC, an attack type which caused U.S. businesses $215 million in losses last year, please review the FS-ISAC's statement here or refer to the United States Computer Emergency Readiness Team's follow-up alert here.