Business Email Compromise

The business email compromise scam. Bad guys made off with over $46 million from Ubiquity Networks.  Apache Corporation lost $7 million. The FBI reports that over 22,000 businesses have lost over $3.1 billion in this scam.

wire-transfer

 

The Business Email Compromise is a masterful example of social engineering.  The FBI describes how it  works:

The schemers go to great lengths to spoof company e-mail or use social engineering to assume the identity of the CEO, a company attorney, or trusted vendor. They research employees who manage money and use language specific to the company they are targeting, then they request a wire fraud transfer using dollar amounts that lend legitimacy.

Notice how this highly effective cyberattack is 100% malware free.  There is no malware. There is no spyware. There are no malicious computer processes. All the log files show authorized employees using their computers to do their jobs. The problem is that authorized employees are following bad instructions because of social engineering. The scam works because email is ideally suited pull-off social engineering scams.

You can fight back using SP Guard. SP Guard fights email impersonation schemes.