[ALERT] ADVISORY ON BUSINESS EMAIL COMPROMISE (BEC)

Submitted by IRTeam on Fri, 03/22/2019 - 11:17
Background

BEC attacks do not require a malicious program that antivirus software can detect. Instead, they involve social engineering attempts to trick individuals into exposing their login information.

Basically, the attacker compromises the email account of a high-level business executive, such as the CFO or CEO. The attacker then uses the executive's email account to send a money-transfer request to an employee who is responsible for processing such requests, such as a finance officer. Lastly, the officer wires the payment as per the instructions from her boss. Usually, the requests include an element of urgency and a request for confidentiality so that they appear completely legitimate. Once the funds have been transferred, they become untraceable, and it is very unlikely that the money will ever be recovered.

•    Corporate email account; high-level business executive's email account
•    Uses identity of someone on a corporate network 

Recommendations

•    Protect corporate email account with two-factor authentication
•    Always require a requested wire transfer to follow the prescribed steps; verify it through an in-person conversation
•    Always question yourself
•    Educate employees on what BEC attacks look like
•    Block known or suspected BEC emails
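
The following is an added example, not part of the original advisory: a minimal content check that holds a message for in-person verification when it combines the traits described in the Background section (a transfer request sent from an executive account to a finance officer, with urgency or a request for confidentiality). Because the request comes from the executive's real, compromised account, the check looks at content rather than sender authenticity. The addresses, keyword lists, message format and function names are all assumptions made for illustration.

```python
import re

# Constructed role lists (assumption); use the organisation's own directory data.
EXECUTIVES = {"ceo@example.com", "cfo@example.com"}
FINANCE_STAFF = {"finance.officer@example.com"}

# Illustrative keyword patterns for the traits named in the advisory.
PATTERNS = {
    "transfer_request": re.compile(r"\b(wire|transfer|payment|remit)\b", re.I),
    "urgency": re.compile(r"\b(urgent(ly)?|immediately|asap|right away|today)\b", re.I),
    "confidentiality": re.compile(
        r"\b(confidential(ly)?|keep this between us|do not (tell|discuss|share))\b", re.I),
}

def bec_indicators(msg):
    """Return the sorted list of BEC traits found in one message dict."""
    hits = []
    if msg["from"].lower() in EXECUTIVES and msg["to"].lower() in FINANCE_STAFF:
        hits.append("executive_to_finance")
    text = f"{msg['subject']}\n{msg['body']}"
    hits += [name for name, rx in PATTERNS.items() if rx.search(text)]
    return sorted(hits)

def needs_verification(msg):
    """True when an executive-to-finance transfer request carries pressure traits."""
    hits = set(bec_indicators(msg))
    pressure = hits & {"urgency", "confidentiality"}
    return {"executive_to_finance", "transfer_request"} <= hits and bool(pressure)

# Constructed sample messages, not real mail.
SAMPLES = [
    {"from": "cfo@example.com", "to": "finance.officer@example.com",
     "subject": "Urgent payment",
     "body": "Please wire 48,000 to the account below today. "
             "Keep this confidential until the deal closes."},
    {"from": "cfo@example.com", "to": "finance.officer@example.com",
     "subject": "Quarterly report",
     "body": "Please send the quarterly report draft when it is ready."},
    {"from": "cfo@example.com", "to": "finance.officer@example.com",
     "subject": "Invoice payment schedule",
     "body": "The supplier payment is due at the end of next month."},
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m["subject"], needs_verification(m), bec_indicators(m))
```

A flagged message is a prompt to carry out the prescribed verification steps before paying, not proof of compromise; routine payment mail without pressure language is left alone.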