Friday, June 24, 2022
CybersecFill
Advertisement
  • Home
  • Events
  • News
  • security tips
  • Article
  • Contact Us
No Result
View All Result
  • Home
  • Events
  • News
  • security tips
  • Article
  • Contact Us
No Result
View All Result
CybersecFill
No Result
View All Result
Home Blog

Business Email Compromise(BEC) AKA Wire-Wire

Cybersecfill by Cybersecfill
July 19, 2019
in Blog
0
Business Email Compromise

Source: https://www.fbi.gov/news/stories/business-e-mail-compromise-on-the-rise

Share on FacebookShare on Twitter

Business Email Compromise Scam

What is Business Email Compromise Scam?

Business Email Compromise (BEC) Scam popularly known in Nigeria as “wire-wire” is a type of scam targeting companies that conduct wire transfers. Often, attackers impersonate the CEO, CFO or any executive in the company authorized to do wire transfers.

They do this either by spoofing or hijacking their official email accounts and using it to divert payment or initiate fraudulent wire transfers to an account controlled by the fraudsters.

BEC scam targets companies of all sizes and even the most tech-savvy companies in the world can fall victim. Tech giants Google & Facebook once transferred a total of $123 million to the account of a Lithuanian man after he tricked both companies with an elaborate two year BEC scam.

How Cyber-Criminals Conduct Wire-Wire Scams. 

BEC attacks typically rely on spear-phishing tactics to compromise official email accounts of unsuspecting employees particularly c-level executives.

Email accounts are often hijacked by infecting the victim’s computer with a spyware keylogger which records & sends to the attacker every keystroke the victim types on their keyboard thus eventually revealing their email login details.

The attacker then monitors the compromised email accounts studying the company’s processes, employees, vendors etc. This usually takes the attacker several weeks or even months enabling them to determine how money moves through an organization and which individuals in the company are responsible for such transactions.

After this, an attacker can then choose to;

  • Intercept an ongoing transaction with a customer and request for payment to be wired to an alternate fraudulent account.
  • Impersonate the CEO or CFO and request for funds to be wired to an account they control. This is also known as CEO fraud.

While there are several other variations to the BEC scam, the underlying concept remains the same which is to hijack a business email account and redirect legitimate wire transfers to a fraudulent bank account.

This attack has proven to be extremely successful because Nigerian cybercriminals do not need to be very technical as they can find tools and services that cater to all levels of technical expertise in the cybercriminal underground.

A recent report from the FBI shows that losses from these type of attacks almost doubled in 2018 to reach $1.2 billion. This figure excludes other hidden costs such as loss of revenue due to damage to the company’s image and reputation.

Countermeasures Against Business Email Compromise

  • Always be wary of phishing emails – Just a single wrong click or download could lead to total system compromise. Be cautious of irregular emails that are sent from C-suite executives, as they are used to trick employees into acting with urgency.
  • All unexpected requests for money or invoice payments should always be confirmed verbally.
  • Always maintain a healthy dose of scepticism.

Taking several safety measures may seem a bit inconvenient but surely a little inconvenience definitely beats losing your hard-earned money to cybercriminals.

About Author

Chinua Katchy is a Cybersecurity Engineer working at Layer3. He is very passionate about cybersecurity and specializes in areas such as Vulnerability Management, Penetration Testing and Incident Response.

Tags: Business Email compromiseCybercrimecyberintelligenceGoogleHackingNigeria
Cybersecfill

Cybersecfill

An independent Nigeria cybersecurity blog.

Next Post
Cybersecurity in Africa

Cybersecurity In Africa - The Way to Go!

0 0 votes
Article Rating
Login
guest
guest
0 Comments
Inline Feedbacks
View all comments
  • Trending
  • Comments
  • Latest
CEH_PRACTICAL

CEH PRACTICAL EXAM – TICKET TO CEH MASTER

February 6, 2021
Wireless Access Point

How To Secure Your Wireless Access Point (WAP)

August 3, 2019
Wifi 6 Security

Did Wi-Fi 6 come with an Improvement In Security?

May 13, 2019
credit card cloning

How Credit/Debit Cards are Cloned / Preventing Card Cloning

December 26, 2019
Nationa Cybersecurity Strategy

A Review of the Nigeria National Cybersecurity Strategy

9
Facebook

Facebook’s New Settings Allows Hackers To Easily Pentest Facebook,Instagram Mobile Applications

8
Cybersecurity Jobs

Cybersecurity Jobs – You can create your own Cybersecurity Role

4
open Source intelligence tools

Open Source Intelligence tools – OSINT

4
Suspected Head of Cybercrime Gang Arrested in Nigeria…

Suspected Head of Cybercrime Gang Arrested in Nigeria…

June 17, 2022
Types of Hackers and Hacking Protection Tips….

Types of Hackers and Hacking Protection Tips….

June 6, 2022
Types of Hackers and Hacking Protection Tips…

Types of Hackers and Hacking Protection Tips…

May 31, 2022
Sports Betting…Increase in Cybersecurity and Data Privacy Risks for Companies and Consumers.

Sports Betting…Increase in Cybersecurity and Data Privacy Risks for Companies and Consumers.

May 19, 2022

Recommended

Suspected Head of Cybercrime Gang Arrested in Nigeria…

Suspected Head of Cybercrime Gang Arrested in Nigeria…

June 17, 2022
Types of Hackers and Hacking Protection Tips….

Types of Hackers and Hacking Protection Tips….

June 6, 2022
Types of Hackers and Hacking Protection Tips…

Types of Hackers and Hacking Protection Tips…

May 31, 2022
Sports Betting…Increase in Cybersecurity and Data Privacy Risks for Companies and Consumers.

Sports Betting…Increase in Cybersecurity and Data Privacy Risks for Companies and Consumers.

May 19, 2022

© 2020 CybersecFill. All Rights Reserved.

No Result
View All Result
  • Home
  • Events
  • News
  • security tips
  • Article
  • Contact Us

© 2020 CybersecFill. All Rights Reserved.

wpDiscuz
0
0
Would love your thoughts, please comment.x
()
x
| Reply

Privacy Policy - Terms and Conditions