The Next Cybersecurity Threat: Your Email Inb0x
By John Meyer, Abrigo Group
$5,300,000,000,000 … That’s how much cyber criminals have siphoned from businesses and consumers worldwide through business email compromise (BEC) and email account compromise (EAC) scams since 2013, according to the Internet Crime Complaint Center (IC3). The FBI noted that these scams have increased 136% worldwide from December 2016 to May 2018.
How do these scams work? There are three basic stages to a BEC/EAC scam:
• Stage 1 – Compromising victim information and email accounts
• Stage 2 – Transmitting fraudulent transaction instructions
• Stage 3 – Executing unauthorized transactions

Stage 1 – BEC/EAC scams can be completed through a simple email exchange with a fraudulent look-alike email or with a more advanced email phishing scheme. Through social engineering or malware, fraudsters attempt to compromise a legitimate business email account. If they cannot compromise an account, the scammer spoofs a valid email address by inserting a character such as a “0” (zero) in place of an “O” (capital letter O), making the fake email look realistic.

Social engineering is the use of deception to manipulate individuals into giving out personal or confidential information, either in person or through digital channels. The fraudsters monitor and study their selected victims prior to initiating the scam. This can be anything from diving deep into the victim’s social media accounts to physically infiltrating a business to gain information. The growth of the internet and social media has made social engineering significantly easier and less time-consuming. Now, instead of visiting a physical location, the scammers can get most of the needed information through a simple web search.
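A mail filter can catch the look-alike addresses described in Stage 1 by reducing each sender domain to a canonical form and comparing it with the domains the institution actually does business with. The sketch below is an added example, not part of the original article; the trusted domains, the sample headers and the substitution table (which goes beyond the single "0" for "O" swap the article mentions) are constructed assumptions.

```python
import re

# Constructed sample data: domains this institution treats as trusted.
TRUSTED_DOMAINS = {"northshorebank.example", "acme-supply.example"}

# Assumed single-character swaps used in look-alike addresses (not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(domain: str) -> str:
    """Canonical form of a domain, so a look-alike collides with the original."""
    d = domain.lower().translate(CONFUSABLES)
    # Letter pairs that read as one letter in many fonts.
    return d.replace("rn", "m").replace("vv", "w")


def sender_domain(from_header: str) -> str:
    """Extract the domain from a From header such as 'Pat <pat@bank.example>'."""
    m = re.search(r"@([A-Za-z0-9.-]+)", from_header)
    return m.group(1).lower().rstrip(".") if m else ""


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return 'trusted', 'lookalike:<impersonated domain>' or 'unknown'."""
    domain = sender_domain(from_header)
    if domain in trusted:
        return "trusted"
    for good in sorted(trusted):
        # Not an exact match, yet identical once confusable characters
        # are folded: treat as an impersonation attempt.
        if skeleton(domain) == skeleton(good):
            return f"lookalike:{good}"
    return "unknown"


if __name__ == "__main__":
    # Constructed From headers for demonstration.
    samples = [
        "Pat Lee <pat@northshorebank.example>",
        "Pat Lee <pat@n0rthshorebank.example>",
        "Accounts Payable <ap@acrne-supply.example>",
        "Newsletter <news@unrelated.example>",
    ]
    for header in samples:
        print(f"{classify_sender(header):40} {header}")
```

This check only covers the sender's domain; a compromised legitimate account (the other Stage 1 path) passes it and has to be caught by verifying the payment instructions themselves.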
• March-April 2019