From May to July 2021, the company’s solutions prevented more than 9.5 thousand dangerous activities by cybercriminals, including attacks on companies from the transport, industrial, retail, information technology and delivery sectors. BEC attacks require cybercriminals with large resources and settings that can take weeks to months. One successful attack can result in losses in the millions.
In preparation for a BEC attack, cybercriminals usually initiate email correspondence with the victim’s employee in order to gain their trust and persuade them to perform actions that may be dangerous to the company or its customers.
For this purpose, attackers use previously stolen email boxes of other employees or addresses that visually resemble the official domains of a particular company. Sometimes criminals steal the credentials of a lower level employee to attack someone from the management team or management. In most cases, the target of the attacks is company funds, but there are also actions aimed at stealing confidential information, such as a customer database or internal documents related to business development.
Experts have selected the three most common scenarios used by cybercriminals as part of BEC attacks.
In such a scenario, the employee receives a fake email purporting to be from someone in the management team or management. In this way, attackers may try to persuade an employee to send confidential information to, for example, a “legal advisor” whose address is of course possessed by cybercriminals. Using this method, attackers can steal sensitive information of a company that should never leak out of its network.
As part of the attack, the company’s finance department may receive a fake email from an alleged employee requesting to change the account number to pay wages. If someone from the financial department makes such a change, the wages owed to the employee will go directly into the hands of cybercriminals.
Attacks of this type also target financial departments, but this time the allegedly fake message comes from the supplier or other contractor of the target company. Content may report a delay in paying for the service or simply have an entirely new bill to be paid. If the attacking employee makes a transfer to the indicated account number, the money will go to the scammers.
In preparation for a BEC attack, cybercriminals patiently collect information about their victim and use it to gain trust. Some of these activities are possible because attackers can easily find generic names, employee positions and other information available, for example, on company websites. Scammers typically use a variety of social engineering tactics to launch attacks, enabling them to convince victims that they are who they say they are. For this reason, companies should not underestimate the need to regularly train their employees in cybersecurity, said Alexei Marchenko, head of content filtering technology development at Kaspersky.
“Infuriatingly humble musicaholic. Problem solver. Reader. Hardcore writer. Alcohol evangelist.”