IC3 Alert For Raleigh-Durham-Research Triangle Businesses

BEC Scams Are Being Perpetrated Through Office 365

Although Microsoft Office 365 is a great IT solution and we recommend that our clients use it, over the past few months, we have seen major threats emerge. There’s been a proliferation of BEC (Business Email Compromise) Scams and Office 365 hacks resulting in large sums of money being transferred to fraudulent entities.

What Are BEC Scams?

The FBI’s Internet Crime Complaint Center (IC3) has issued an alert describing a growing number of scams targeting businesses working with foreign suppliers or businesses that regularly perform wire transfer payments. These sophisticated scams are classified as Business Email Compromises (BEC) or email account compromises (EAC) and use social engineering techniques to defraud.

The techniques used in the BEC/EAC scams have become increasingly similar, prompting the IC3 to begin tracking these scams as a single crime type^. The scam is carried out when a subject compromises legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.

Most victims report using wire transfers as a common method of transferring funds for business purposes; however, some victims report using checks as a common method of payment. The fraudsters will use the method most commonly associated with their victim’s normal business practices.

The BEC Scam has evolved to include the compromising of legitimate business email accounts and requesting Personally Identifiable Information (PII) or Wage and Tax Statement (W-2) forms for employees and may not always be associated with a request for transfer of funds.

How Are BEC Scams Being Perpetrated?

It’s largely unknown how victims are selected; however, the subjects monitor and study their selected victims using social engineering techniques prior to initiating the BEC Scam. The subjects are able to accurately identify the individuals and protocols necessary to perform wire transfers within a specific business environment. Victims may also first receive “phishing” emails requesting additional details regarding the business or individual being targeted (name, travel dates, etc.).

Based on IC3 complaints and other complaint data, there are five main scenarios by which this scam is perpetrated.

1. Business Working with a Foreign Supplier – A business that typically has a longstanding relationship with a supplier is requested to wire funds for an invoice payment to an alternate, fraudulent account. The request may be made via telephone, facsimile, or email. If an email is received, the subject will spoof the email request, so it appears similar to a legitimate request. Likewise, requests made via facsimile or telephone call will closely mimic a legitimate request. This particular scenario has also been referred to as the “Bogus Invoice Scheme,” “Supplier Swindle,” and “Invoice Modification Scheme.”
2. Business Executive Receiving or Initiating a Request for a Wire Transfer – The email accounts of high-level business executives (Chief Financial Officer, Chief Technology Officer, etc.) are compromised. The account may be spoofed or hacked. A request for a wire transfer from the compromised account is made to a second employee within the company who is typically responsible for processing these requests. In some instances, a request for a wire transfer from the compromised account is sent directly to the financial institution with instructions to urgently send funds to bank “X” for reason “Y.” This particular scenario has been referred to as “CEO Fraud,” “Business Executive Scam,” “Masquerading,” and “Financial Industry Wire Frauds.”
3. Business Contacts Receiving Fraudulent Correspondence through Compromised Email – An employee of the business has his or her personal email hacked. This personal email may be used for both personal and business communications. Requests for invoice payments to fraudster-controlled bank accounts are sent from this employee’s personal email to multiple vendors identified from this employee’s contact list. The business may not become aware of the fraudulent requests until that business is contacted by a vendor to follow up on the status of invoice payment.
4. Business Executive and Attorney Impersonation – Victims report being contacted by fraudsters who typically identify themselves as lawyers or representatives of law firms and claim to be handling confidential or time-sensitive matters. This contact may be made via either phone or email. Victims may be pressured by the fraudster to act quickly or secretly in handling the transfer of funds. This type of BEC scam may occur at the end of the business day or work week and be timed to coincide with the close of business of international financial institutions.
5. Data Theft – Fraudulent requests are sent utilizing a business executive’s compromised email. The entities in the business organization responsible for W-2s or maintaining PII, such as the human resources department, bookkeeping, or auditing section, have frequently been identified as the targeted recipients of the fraudulent request for W-2 and/or PII. Some of these incidents are isolated and some occur prior to a fraudulent wire transfer request. Victims report they have fallen for this new BEC scenario even if they were able to successfully identify and avoid the traditional BEC scam. This data theft scenario of the BEC scam first appeared just prior to the 2016 tax season.

What’s Causing Microsoft Office 365 Scams?

BEC and other scams can affect you when your email isn’t backed up properly. BEC Hackers are using ransomware to infecting emails when you use Microsoft Office 365.

Office 365 users receive an important email from Microsoft that appears to be harmless. It contains a link that when clicked deploys a ransomware virus that infects your computer and networks. The original scam used a virus names CryptoLocker.

It can encrypt all the files on your computer and hold them for ransom. Now you’re at the mercy of the hacker until you pay. If you don’t pay, the hacker will destroy your files. However, it’s advised that you don’t pay because the hacker may take the money and still leave you without your files.

What Should We Do To Prevent BEC Scams From Office 365 And Being Victimized By Ransomware?

CSP has two products that can help to prevent these risks.

1. 2-Factor Authentication for Office 365
2. An Office 365 Back-Up Solution

We’d like to tell you more about these solutions. To learn more join our Webinar: “How To Prevent Office 365 From Becoming A Major Security Risk.” You can Register Here. Or, contact our Cybersecurity Experts in Raleigh, NC to schedule a complimentary consultation to learn how we can protect your computers and networks.