In recent news, Shark Tank's Barbara Corcoran nearly lost $400,000 in an email attack. She was lucky: they were able to intercept the banking funds. Cyber attackers continue to evolve this type of email attack, called CEO Fraud or Business Email Compromise (BEC). These are targeted email attacks that trick their victims into taking an action they should not take. In most cases, the bad guys are after money. What makes these attacks so dangerous is that cyber attackers research their victims before launching their attack. It is also very hard for security technologies to stop these attacks because there are no infected email attachments or malicious links to detect.
Common sense is your best defense. Here are the most common clues to look for:
- The email is very short (often only a couple of sentences), urgent, and the signature says the email was sent from a mobile device.
- There’s a strong sense of urgency, pressuring you to ignore or bypass your employer’s policies. Always follow work-related policies and procedures, even if the email appears to come from your boss or the CEO.
- The email is work related but uses a personal email address, such as @gmail.com or @hotmail.com.
- The email appears to come from a senior leader, coworker, or vendor you know or work with, but the tone of the message does not sound like them.
- Payment instructions are provided, but these instructions differ from ones you already received, such as requesting immediate payment to a different bank account.
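For a mail or finance team that wants to surface these clues for human review, the sketch below is an added example (not from the original source) that checks a plain-text message against the clues in the list above. The function name, urgency word list, sentence cut-off, sample messages and account numbers are all assumptions made for illustration; the "tone" clue is left to people who know the sender.

```python
import re
from email import message_from_string
from email.utils import parseaddr

FREE_MAIL = {"gmail.com", "hotmail.com"}    # the personal domains the page names
URGENT = re.compile(r"\b(urgent|immediately|right away|asap|today)\b", re.I)  # assumed word list
MOBILE_SIG = re.compile(r"^sent from my \w+.*$", re.I | re.M)
ACCOUNT = re.compile(r"\baccount\D{0,20}(\d{6,})", re.I)
MAX_SENTENCES = 3                            # assumed cut-off for "very short"

def bec_clues(raw, known_accounts):
    """Return the names of the clues that a plain-text message matches."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    text = f"{msg.get('Subject', '')}\n{body}"
    domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    stripped = MOBILE_SIG.sub("", body)      # do not count the signature as a sentence
    sentences = [s for s in re.split(r"[.!?]+\s", stripped) if s.strip()]
    clues = []
    if len(sentences) <= MAX_SENTENCES and MOBILE_SIG.search(body):
        clues.append("short_with_mobile_signature")
    if URGENT.search(text):
        clues.append("urgency")
    if domain in FREE_MAIL:
        clues.append("personal_address")
    # Any account number not already on file counts as changed payment instructions.
    if any(n not in known_accounts for n in ACCOUNT.findall(body)):
        clues.append("changed_payment_details")
    return clues

# Constructed sample data: none of these messages or numbers are real.
KNOWN = {"12345678"}
SUSPICIOUS = """\
From: "Pat Lee" <pat.lee@gmail.com>
Subject: Urgent wire

I need this paid today. Wire the invoice to account 99887766 immediately.

Sent from my phone
"""
BENIGN = """\
From: "Accounts" <billing@vendor.example>
Subject: March invoice

Hello, the March invoice is attached. Payment terms are unchanged at 30 days. Remit to account 12345678 as usual. Let us know if you have questions. Thank you for your business.
"""

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(name, bec_clues(raw, KNOWN))
```

A match is a prompt to verify the request through a known phone number or an existing contact, not a verdict on the message.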
If you suspect you have been targeted at work, stop all interaction with the attacker and report it to your supervisor. If you have been targeted at home or you have fallen victim and a wire transfer was made, immediately report it to your bank, then to law enforcement.
Original source: https://www.sans.org/security-awareness-training/resources/ceo-fraudbec
Revamp Cybersecurity is a managed service provider + All things cybersecurity and IT.