Cyber attacks on organizations of every size have been on an alarmingly steep rise as of late—specifically business email compromise (BEC) and adversary in the middle (AiTM) attacks, which are some of the most financially damaging (think wire fraud and ACH fraud).
Though these tactics are more devious and sophisticated than ever, they are preventable!
We feel a sense of urgency and obligation to implore our customers to be extremely cautious in their email handling practices and online activity, and to ALWAYS VERIFY the legitimacy of a request before taking any action. It costs nothing to pick up the phone and call the supposed sender of an email before changing their payment information, for instance.
In recent months, it has gutted us to witness many Nebraska businesses fall victim to substantial cyber fraud.
If you are a managed IT client of ours, know that we have many layers of security in place to protect your organization. However, having the best seat belt, air bag, and car insurance doesn’t mean you should drive recklessly. A highly sophisticated AiTM attack on a naive end-user can still cause damage and cost your company in dollars, data, and damage to your reputation.
Knowledge is power.
An educated end-user is an empowered one and is far less likely to be duped or deceived. Below, we’ve included more information about the workings of these attacks as well as best practices for handling questionable emails.
Please share this information with your team or organization, as the end-user is your last line of defense.
What is business email compromise?
Business email compromise (BEC) is a form of fraud, usually carried out through phishing, in which an attacker obtains access to a business email account and imitates the mailbox owner’s identity in order to defraud the company and its employees, customers, or partners. The culprit poses as a trusted figure, then asks for a fake bill to be paid or for sensitive data they can use in another scam. BEC scams are on the rise due to increased remote work: there were nearly 20,000 BEC complaints to the FBI last year. BEC incidents can also lead to data theft and ransomware deployment as the attacker gains knowledge and understanding of business systems.
What is an AiTM attack?
This is a type of attack that involves session hijacking. It may originate from a compromised trusted vendor and transition into “adversary in the middle,” in which the attacker waits for a victim to log into an application (such as a banking or email account) and then steals the session cookie that the login creates. The attacker then presents that cookie from their own browser and is treated as the already-authenticated owner of the account. This lets the attacker bypass MFA for as long as the cookie remains valid, which, depending on the cookie expiration period, may be minutes, hours, or days.
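The pattern just described, a session cookie that was issued to one browser and then turns up in use from another without a fresh MFA prompt, is something an application or identity log can surface. The following is an added illustration written for this article, not code from any product or from the authors: it runs a simple reuse check over a constructed set of sign-in and session-use events. The log field names (ts, user, session, ip, ua, mfa) and the sample values are assumptions for the example; a real mail service, banking portal or identity provider names and formats these differently.

```python
from dataclasses import dataclass
from datetime import datetime

# Constructed sample events (assumed schema, not from any real system).
# "mfa" records whether this request was freshly challenged ("prompted")
# or relied on the existing session cookie ("cached").
SAMPLE_EVENTS = [
    {"ts": "2024-03-04T09:00:00", "user": "ap@example.com", "session": "s-111",
     "ip": "203.0.113.10", "ua": "Windows Chrome/122", "mfa": "prompted"},
    {"ts": "2024-03-04T09:05:00", "user": "ap@example.com", "session": "s-111",
     "ip": "203.0.113.10", "ua": "Windows Chrome/122", "mfa": "cached"},
    # Same cookie twelve minutes later, from a different address and browser,
    # with no new MFA challenge: the replay the article describes.
    {"ts": "2024-03-04T09:12:00", "user": "ap@example.com", "session": "s-111",
     "ip": "198.51.100.77", "ua": "Linux Firefox/123", "mfa": "cached"},
    # A second user signing in from two devices, each with its own session
    # and its own MFA prompt: legitimate, and must not be flagged.
    {"ts": "2024-03-04T10:00:00", "user": "cfo@example.com", "session": "s-222",
     "ip": "203.0.113.20", "ua": "macOS Safari/17", "mfa": "prompted"},
    {"ts": "2024-03-04T11:00:00", "user": "cfo@example.com", "session": "s-333",
     "ip": "192.0.2.5", "ua": "iPhone Safari/17", "mfa": "prompted"},
]


@dataclass
class Finding:
    user: str
    session: str
    ip: str
    user_agent: str
    age_minutes: int   # how long after issue the cookie was replayed
    reason: str


def detect_session_reuse(events):
    """Flag any session id used from a client (IP or user agent) other than
    the one it was first issued to, when that use was not re-challenged with
    MFA. Returns a list of Finding objects, oldest first."""
    origin = {}    # session id -> (ip, user agent, first-seen timestamp)
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        sid = ev["session"]
        if sid not in origin:
            # First sighting establishes which client the cookie belongs to.
            origin[sid] = (ev["ip"], ev["ua"], ts)
            continue
        o_ip, o_ua, o_ts = origin[sid]
        changed = []
        if ev["ip"] != o_ip:
            changed.append("ip")
        if ev["ua"] != o_ua:
            changed.append("user-agent")
        # A changed client that was freshly challenged is treated as benign;
        # a changed client riding on the cached session is the alert.
        if changed and ev["mfa"] != "prompted":
            age = int((ts - o_ts).total_seconds() // 60)
            findings.append(Finding(
                user=ev["user"], session=sid, ip=ev["ip"], user_agent=ev["ua"],
                age_minutes=age,
                reason="session cookie replayed with changed " + "+".join(changed),
            ))
    return findings


def main():
    for f in detect_session_reuse(SAMPLE_EVENTS):
        print(f"ALERT {f.user} session={f.session} from {f.ip} ({f.user_agent}) "
              f"{f.age_minutes} min after issue: {f.reason}")


if __name__ == "__main__":
    main()
```

The age reported with each finding is the practical point of the article’s last sentence: a stolen cookie is only useful until it expires, so shortening the session lifetime (and forcing a fresh MFA prompt when the client changes) narrows the window the attacker has. Real deployments would compare network or geographic location rather than raw IP strings, since legitimate users do roam between addresses.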
Tips and Pointers on Spotting and Handling BEC & AiTM Attacks
The key practice we want to stress (and it is absolutely free and effective) is:
- VERIFY! VERIFY! VERIFY!
ALSO IMPORTANT:
- DO NOT trust that the sender is who it appears to be. It’s easy to spoof an email address. Once again, pick up the phone and speak directly to the supposed sender. It costs nothing to call and ask "Did you send me this email requesting a wire transfer?" However...
- DO NOT use the phone number provided in the email to call for verification. Find the contact information you know to be true for the individual or organization.
- DO NOT click any links in emails you weren’t expecting or that seem unusual. If you need to visit a website, type the address into your browser’s address bar yourself.
- DO NOT open any attachments in emails you weren’t expecting or that seem unusual.
- DO NOT trust unusual or unexpected SMS messages either. If you receive a strange text message to your phone alleging to be someone you know, find a way to call the correct number and verify the request.
BOTTOM LINE:
If a request is unusual, unprompted, uncharacteristic of the sender, urges you to perform a task, or involves financial or other sensitive personal information, it warrants a phone call (or, if the sender is in your office, a face-to-face conversation).
As always, please call or email us with any questions or concerns. Your security is our priority.
And ask us about cyber security awareness training! We’ll periodically test your organization’s end-users with fake phishing emails to identify areas where you may be vulnerable, and we’ll follow up with specific targeted education and training.
Stay vigilant and stay safe!