In December of 2020, cyber criminals accessed the computer systems of One Treasure Island, a non-profit that is redeveloping its namesake site in order to better serve the community. A total of $650,000 was stolen from the organization. The Wall Street Journal reports that the organization had allocated the funds to an affordable housing project in the area.
Executive Director Sherry Williams stated that she knew something was amiss in January, after speaking with an individual tied to the project who hadn’t received payment. On learning of the breach, Williams said, “it was absolutely devastating.”
How did it happen?
The theft followed an email-compromise attack. Business email compromise (BEC) is a specific type of phishing or spear-phishing attack whose aim is to fool employees into taking actions that serve the attackers’ purposes. BEC is among the costliest forms of phishing, and it can be tough to spot.
Cyber criminals gained entry into the nonprofit’s email system via a third-party bookkeeper. The criminals then inserted themselves into existing email chains using phony, albeit real-looking, email addresses.
The attackers also impersonated Sherry Williams, sending an email to the intended payment recipient saying that payment would not be processed quickly. Going a step further, they altered a legitimate invoice, changing its wire transfer instructions to route the funds to themselves. The targeted organization then paid out the transfer requests without realizing they had been tampered with.
Email compromise attacks
The FBI handled more than 19,300 business email compromise complaints last year. In 2020, email compromise attacks cost organizations over $1.8 billion. They represent one of the most expensive categories of cyber crime monitored by the Internet Crime Complaint Center (IC3).
As the Wall Street Journal reports, quoting Kevin Coleman, executive director of the National Cyber Security Alliance, “These are just the email compromises companies disclosed, meaning the true figures are likely larger.”
What does a BEC attack look like?
In a BEC attack, hackers trick employees by impersonating an individual or spoofing an organization.
- Cyber criminals may spoof a trusted vendor in order to convince an employee to take certain actions.
- Look-alike domains are often created with the intention of getting an employee to click on an illegitimate link.
- Attackers may compromise accounts and make any requests look as though they emerge from trusted email addresses.
There are numerous types of BEC scams. They range from false invoice scams, to CEO fraud, to account compromise, to attorney impersonation.
If affected by such a scam, it’s important to report it quickly. Reporting an attack within 72 hours of the erroneous payment improves the odds of recovering the lost funds.
Preventing a BEC attack
- Anti-phishing protection. Because BEC emails are a type of phishing, anti-phishing technologies can help. An anti-phishing solution should be able to identify the key characteristics of BEC emails, and such solutions can also apply machine learning to email data to surface other attack indicators.
- Employee education. BEC attacks target employees, making their education about cyber attacks central to the security of your organization at-large.
- Separation of duties. BEC attacks frequently impersonate internal email addresses through domain spoofing or look-alike domains. By adopting mail policies that label messages originating outside the organization as ‘external’, organizations can make look-alike domains far easier to spot.
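The external-labelling and look-alike-domain checks described above, as an added example that is not from the article or the organization it describes. The trusted domains, addresses and messages are constructed; a real deployment would hook this into the mail gateway.

```python
"""Added example: tag mail from outside the organization as [EXTERNAL], flag
sender domains that are a character or two away from a trusted domain, and
flag a Reply-To that points somewhere other than the sender's domain.
The trusted domains and the sample messages below are constructed."""
from typing import List, Optional, Tuple

# Assumed trusted domains: the organization and its outside bookkeeper.
TRUSTED_DOMAINS = {"onetreasureisland.example", "bookkeeper.example"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert/delete/substitute cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def sender_domain(addr: str) -> str:
    """Extract the lower-cased domain from 'Name <user@host>' or 'user@host'."""
    return addr.rsplit("@", 1)[-1].strip("<> ").lower()


def classify(from_addr: str, reply_to: Optional[str], subject: str) -> Tuple[str, List[str]]:
    """Return the subject as it should be delivered plus a list of warning flags."""
    flags: List[str] = []
    dom = sender_domain(from_addr)
    if dom not in TRUSTED_DOMAINS:
        subject = "[EXTERNAL] " + subject
        # A domain within two edits of a trusted one (swapped, dropped or
        # substituted character) is the classic look-alike used in BEC.
        for trusted in sorted(TRUSTED_DOMAINS):
            if 0 < levenshtein(dom, trusted) <= 2:
                flags.append(f"look-alike of {trusted}")
    # Even a trusted (possibly compromised) sender is suspicious when replies
    # are silently redirected to a different domain.
    if reply_to and sender_domain(reply_to) != dom:
        flags.append("reply-to domain differs from sender")
    return subject, flags


if __name__ == "__main__":
    # Constructed sample messages: (From, Reply-To, Subject).
    samples = [("sherry@onetreasureisland.example", None, "Invoice 42"),
               ("sherry@onetreasurelsland.example", None, "Invoice 42"),  # i -> l
               ("bob@bookkeeper.example", "bob@bookkeeper-billing.example", "Wire update")]
    for frm, rt, subj in samples:
        print(frm, "->", classify(frm, rt, subj))
```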