Numerous email compromise tactics have for some time been in use by scammers to trick business executives into making fraudulent wire transfers. Recently, a Symantec security specialist has observed that some scammers have begun taking a new approach in order to increase BEC scams’ rate of success.
The biggest problem that the scammers face is trust. Although over-worked executives may become complacent and fail to sufficiently verify the authenticity of every bank transfer request, a number of well-publicized attacks on large companies have increased business awareness of the scams. Executives working in accounts departments and other employees responsible for bank transfers have become more circumspect. In turn, cybercriminals have reacted by updating their own business email compromise scam methods.
A number of scammers have developed more elaborate scams; however, Binny Kuriakose of Symantec has noted that, in fact, a much more relaxed approach is being taken by some scammers in order to elicit a better response.
These “whaling” attacks are unlike the mass-emailed scams which were more commonplace in previous years. In order for the BEC scams to work, the attackers need to invest a large amount of time in studying a company (e.g. its structure) and in identifying potential targets, rather than following the previous method of sending out several million emails in the hope that some individuals might reply. Emails that mimic those sent by the management of the company or corporation are then drafted and sent to targeted individuals asking for bank transfers to be made.
While ‘whaling’ attacks have usually involved only one or two emails in the past, scammers are now investing more time and effort in building up a rapport, and therefore trust, with the target. More casual language is being employed and multiple short emails are being sent in order to engage the target employee in a more relaxed conversation.
Kuriakose advises that the scam often begins with emails that are only one line long and appear fairly innocuous, e.g. asking if the recipient is in the office or at his or her desk today and, if so, to “please respond.” As soon as the target has been engaged and replies, the scammer will then ask what details are required to make a bank transfer. Further information may then be requested about how the process functions, and finally the scammer will agree to send an invoice to the target once the transfer has been effected.
Despite the email conversations appearing casual, this scamming method is not. The intention is to make the target more complacent by lulling them into thinking that they are corresponding with a bored or stressed executive who has been told to make sure that invoices are paid immediately. The casual language and time invested in communicating with the target make the emails convincing to the victims and successful for the scammers.
The tactics are extremely effective and have been shown to be much more likely to result in fraudulent wire transfers being made than the former practice of sending a solitary email transfer request.
Although executives have now been alerted to the threat posed by the BEC attacks, the approach may still prove more effective as it does not, initially, concern a sizeable transfer request.
To limit the threat, all employees responsible for transfers should be trained about the risk and advised to treat every transfer request which does not adhere to company procedures as suspicious. Requests should always be answered via the email address listed in the corporate directory rather than by replying directly to the incoming email. Executives should also take care when communicating any private or sensitive information.
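One way to support that directory check in tooling, as an added example that is not code from the original article or from Symantec: the function below takes a raw message and a corporate directory (both constructed here, with hypothetical names and domains), flags a sender whose display name matches an executive while the From or Reply-To address differs from the directory entry, and returns the directory address that any reply or verification should go to.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed corporate directory: display name -> authoritative address.
DIRECTORY = {
    "jane doe": "jane.doe@example-corp.com",
}

# Constructed scam opener: lookalike domain in From, free-mail Reply-To,
# and the one-line "are you at your desk" hook the article describes.
SCAM_MAIL = (
    "From: Jane Doe <jane.doe@example-corp.co>\n"
    "Reply-To: Jane Doe <jane.doe.ceo@webmail.example>\n"
    "Subject: quick question\n"
    "\n"
    "Are you at your desk today? Please respond.\n"
)

# Constructed legitimate message from the same executive.
LEGIT_MAIL = (
    "From: Jane Doe <jane.doe@example-corp.com>\n"
    "Subject: quick question\n"
    "\n"
    "Are you at your desk today?\n"
)


def check_sender(raw_message: str, directory: dict) -> dict:
    """Compare the claimed sender against the directory.

    Returns the directory address to use for verification ('verify_via'),
    whether the message is suspicious, and the reasons why.
    """
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    # Replies go to Reply-To when present, so that header is what matters.
    _, reply_addr = parseaddr(msg.get("Reply-To") or msg.get("From", ""))
    known = directory.get(from_name.strip().lower())
    reasons = []
    if known is None:
        reasons.append("display name not found in corporate directory")
    else:
        if from_addr.lower() != known:
            reasons.append(f"From address {from_addr} is not the directory entry {known}")
        if reply_addr.lower() != known:
            reasons.append(f"replies would go to {reply_addr}, not {known}")
    return {"suspicious": bool(reasons), "verify_via": known, "reasons": reasons}
```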