535 Connecticut Ave. Suite 104
Norwalk, CT 06854
Empire State Building
350 Fifth Avenue, 59th fl.
New York City, NY 10118

Featured Article

June 23, 2016

FBI: Beware New Email Scam

Put your staff on full alert: Last week, the FBI posted a notice warning about a rapidly spreading email scam which, to date, has resulted in the attempted robbery of at least $3 billion from businesses.

The scam is called business email compromise (BEC). In this type of scam, cybercriminals will first spy on unsuspecting victims’ networks, using the intelligence they gather to plan a carefully executed attack. Then, the criminals will attempt to impersonate someone with close ties to the company in order to obtain money or data.

According to the FBI, there are five different ways that cybercriminals are deploying BEC attacks:

  • Seizing executive email accounts: Hackers use an executive’s email account to trick an employee within the company to wire funds into a private bank account.
  • Pretending to be foreign supply contacts:  Here, the hackers attempt to trick foreign suppliers into wiring money into private accounts.
  • Targeting HR and financial reps: In this type of attack, hackers target human resource or financial employees in search of personal data such as wage or tax information.
  • Assuming employee email accounts: Hackers are also targeting mid to entry-level employees, using their email accounts to request fraudulent payments from third-party vendors.
  • Impersonating attorneys: Hackers are also impersonate attorneys, attempting to strong-arm victims into sending payments into personal accounts.

In any of these types of attacks, victims who comply with the criminals’ requests are technically considered to be “money mules.” Money mules can be either unwitting or willing. In the former case, the mule gets duped into complying with a request and is typically not at fault. In the latter scenario, however, a mule will act as an insider and knowingly transfer money in exchange for compensation.

We here at Apex Technology Services are looking into the problem of willing accomplices in BEC attacks, and are waiting to hear back from the FBI on the matter. There is reason to believe the problem could be quite extensive, especially considering that 60 percent of all cyberattacks in 2015 resulted from an inside job.

The fact remains, though, that whether willing or unwitting, no business wants to wind up in the middle of an international money-laundering scam. As is the case with any phishing attempt, there is no telling what the money could be used for—and this is a terrifying concept. The last thing you want is for your business to inadvertently fund a criminal or terrorist organization.

What’s more, the problem is not going away. In fact, it’s getting worse. Between October 2013 and May 2016 there were 22,143 reported cases of BEC attacks. Since January 2016 there has been a 1,300-percent spike in BEC-related losses. Reports have been issued in all 50 states, as well as in 79 different countries.

One of the major reasons why BEC attacks are spreading so quickly is that the attacks look very professional. These aren’t the spammy-looking messages that you see in your junk folder, which are usually rife with misspellings and contain funny messages. These are professional-looking, well-written or official-sounding correspondences that seem aboveboard.

It’s therefore vital that you double-down on your efforts to train your employees and bring them up to speed about the threat of BEC attacks.

A new breed of hacktrepeneurs has awoken and they have little to fear and everything to gain by infecting as many companies as possible and extorting money from them. Apex Technology Services stands ready to protect your company regardless of whether it’s located in New York CityWhite Plains, New York; Connecticut; Australia; Europe; or anywhere else. Our full suite of cybersecurity and IT support services is at your disposal, enabling you to spend less time worrying about and more time growing your business.

In addition, our new Cybersecurity Compliance Certification for law firms will help keep your legal practice from becoming the next Panama Papers victim. This baseline cybersecurity audit for the legal industry should be considered seriously by all law firms.







Related Articles