The US Federal Bureau of Investigation (FBI) warned private industry partners of threat actors abusing Microsoft Office 365 and Google G Suite as part of Business Email Compromise (BEC) attacks.
“The scams are initiated through specifically developed phish kits designed to mimic the cloud-based email services in order to compromise business email accounts and request or misdirect transfers of funds,” the FBI said in a Private Industry Notification (PIN).
“Between January 2014 and October 2019, the Internet Crime Complaint Centre (IC3) received complaints totalling over $2.1 billion in actual losses from BEC scams targeting Microsoft Office 365 and Google G Suite.”
BEC scammers in the cloud
The cybercriminals move to cloud-based email services matches organisations’ migration to the same services from on-premises email systems. Targets are redirected to the phishing kits used as part of these BEC attacks, upon compromising victim email accounts, cybercriminals analyse the content to look for evidence of financial transactions,” the FBI explains.
“Using the information gathered from compromised accounts, cybercriminals impersonate email communications between compromised businesses and third parties, such as vendors or customers.”
The scammers will then impersonate employees of the now-compromised organisations or their business partners, attempting to redirect payments between them to bank accounts under the attackers’ control.
They will also steal as many partner contacts from the infiltrated email accounts that they can later use to launch other phishing attacks and compromise other businesses, pivoting to other targets within the same industry sector.
BEC defence recommendations
Even though both Microsoft Office 365 and Google G Suite come with security features that can help block BEC scam attempts, many of them have to manually configured and toggled on by IT administrators and security teams and because of this, “small and medium-size organisations, or those with limited IT resources, are most vulnerable to BEC scams,” the FBI added.
The FBI issued a number of defence recommendations users can implement these measures to defend against BEC scammers:
- Enable multi-factor authentication for all email accounts.
- Verify all payment changes and transactions in-person or via a known telephone number.
- Educate employees about BEC scams, including preventative strategies such as how to identify phishing emails and how to respond to suspected compromises.
The $26 billion scam
The FBI’s Internet Crime Complaint Centre (IC3) revealed in September 2019 warning that BEC scams are continuing to grow every year with a total exposed dollar loss of more than $26 billion between June 2016 and July 2019, and a 100% rise in the identified global exposed losses from May 2018 to July 2019.
These numbers are backed by the publicly reported losses of BEC scams with:
- A Toyota Group subsidiary announcing in September 2019 with an expected financial loss of over US$37 million.
- Nikkei, one of the largest media groups in the world, costing the company around US$29 million in October 2019.
October 2019 saw 281 people were arrested in the U.S. and other countries as part of Operation reWired, a globally coordinated law enforcement to disrupt Business Email Compromise (BEC) schemes.
A previous and similar effort dubbed Operation Wire Wire, announced in June 2018, was the first such enforcement action designed to go after hundreds of BEC scammers and it led to the arrest of 74 individual, as well as the disruption and recovery of roughly US$14 million in fraudulent wire transfers.
Our experience in crisis management, disaster recovery and time critical project work has proven to be the major point of difference as has our open and transparent communication.
To discuss successful partnerships and how engaging Consulting IT to maintain your IT infrastructure will:
- Reduce your Staff downtime/ Expenditure/ Stress/ Exposure and Risk
- Increase your Awareness/ Business Continuity Plans/ Backup and Disaster Recovery Systems/ Auditing and Compliance
Simply contact Corey Hill (firstname.lastname@example.org), National Sales and Marketing Manager.
#disasterrecovery #consultingit #backup #backups #disasterrecoveryplan #emailsecurity #breached #computersecurity #informationtechnology #antivirusandmalwares #phishingattacks #informationsecuritymanagement #informationsecurityawareness #phishingattack #phishingemail #cybersecuritythreats #cybercriminals #scammers #scam #scamalert #riskmanagement #businesscontinuity #cybersecurity #crisismanagement #cyberattack #infrastructure #databreach #cyberattacks #security #malware #datasecurity #email #itsupport