There are a variety of business email compromise tactics that are used by scammers to convince executives to make fraudulent wire transfers. However, a security researcher from Symantec has noticed some scammers have started taking a different approach to increase the success rate of BEC scams.
The problem for the scammers is trust. While busy executives may be careless and fail to adequately check the legitimacy of bank transfer requests, widely publicized attacks on corporations have helped to raise awareness of the scams. Accounts department executives and other individuals responsible for making bank transfers are becoming more cautious. Cybercriminals have responded by changing their business email compromise scam tactics.
Some scammers have resorted to more elaborate scams, although Symantec’s Binny Kuriakose has noticed a much more casual approach is being taken by some scammers to get a better response.
These whaling attacks are nothing like the mass-mailed scams of years gone by. Instead of sending out millions of emails in the hope that a few recipients respond, a BEC scam requires the attackers to spend time researching a company, discovering its structure, and identifying targets. Emails are then crafted to look as if they come from the CFO or CEO and are sent to specific individuals requesting bank transfers.
Whereas these ‘whaling’ attacks have typically involved one or two emails in the past, scammers are now spending more time trying to build up some rapport with the target. For that they have started using casual language and are sending multiple short emails to engage the target in a conversation.
For example, Kuriakose says the scam starts with one-liner emails saying “are you at your desk?” or “please respond if you are available in office today.” Once the target has been engaged and responds, the scammer replies asking what details are needed in order to make a bank transfer, asks how the process works, and promises to send an invoice over once the transfer has been made.
While the one-line emails are casual, there is nothing casual about this approach. The idea is to make the target think they are dealing with just another bored executive who has been asked to ensure that invoices are paid quickly, and so to lower the target’s guard.
By using casual language and spending more time establishing a rapport, the scammer makes the target much more likely to carry out the transfer, and even to volunteer the procedural details that let the eventual request look routine and go unquestioned.
These business email compromise scam tactics are highly effective and are much more likely to result in a fraudulent wire transfer being made than the sending of a single email transfer request.
While executives may have been alerted to the threat of BEC attacks, this approach may prove more effective because the opening emails contain no transfer request at all.
To counter the threat, everyone responsible for making transfers should be educated about the risk and told to treat any transfer request that does not follow company procedures as suspicious. Requests should be verified using the address held in the corporate directory, never by replying directly to the email. Executives should also be careful about giving out any sensitive information.
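The two stages Kuriakose describes (a short conversational opener, then a request for transfer details) and the verification advice above can be turned into a simple mail-triage check. The following is an added example written for this page, not code from Symantec or the article; the corporate directory, the domain `example.com`, the lookalike `examp1e.com`, the regular-expression patterns and the three sample messages are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed corporate directory (invented names and addresses): the display names
# worth protecting, mapped to the address the directory actually holds for them.
CORP_DOMAIN = "example.com"
DIRECTORY = {
    "jane doe": "jane.doe@example.com",    # CEO
    "raj patel": "raj.patel@example.com",  # CFO
}

# The one-liner openers Symantec reported, plus the follow-up transfer language.
# These patterns are my own illustration, not a published signature set.
OPENERS = re.compile(
    r"are you (at your desk|available|in (the )?office)|please respond|quick question",
    re.IGNORECASE)
TRANSFER_TERMS = re.compile(r"\b(wire|bank|transfer|invoice|payment)\b", re.IGNORECASE)
SHORT_WORDS = 15  # a "one-liner" threshold; tune to local traffic


def levenshtein(a, b):
    """Edit distance, used to spot lookalike domains (examp1e.com vs example.com)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def message_body(msg):
    """Plain-text body of a parsed message (first text/plain part if multipart)."""
    if msg.is_multipart():
        for part in msg.walk():
            if part.get_content_type() == "text/plain":
                return part.get_payload(decode=True).decode("utf-8", "replace")
        return ""
    return msg.get_payload()


def analyze(raw):
    """Return (indicators, directory_address).

    indicators lists the BEC signals found in the message; directory_address is
    the address the corporate directory holds for the claimed sender (None if
    unknown), i.e. where a verification reply should go instead of the From.
    """
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    body = message_body(msg).strip()
    known = DIRECTORY.get(name.strip().lower())

    indicators = []
    if known and addr.lower() != known:
        indicators.append("display-name spoof: %s claims to be %s" % (addr, known))
    if domain and domain != CORP_DOMAIN and levenshtein(domain, CORP_DOMAIN) <= 2:
        indicators.append("lookalike domain: " + domain)
    if reply_to and reply_to.lower() != addr.lower():
        indicators.append("reply-to diverted to " + reply_to)
    if len(body.split()) <= SHORT_WORDS and OPENERS.search(body):
        indicators.append("short conversational opener")
    if TRANSFER_TERMS.search(body):
        indicators.append("transfer/payment language")
    return indicators, known


# Constructed samples: the first two mirror the two stages described in the article.
SCAM_OPENER = """\
From: "Jane Doe" <jane.doe@examp1e.com>
To: ap.clerk@example.com
Subject: quick question
Message-ID: <a1@examp1e.com>

Are you at your desk?
"""

SCAM_FOLLOWUP = """\
From: "Jane Doe" <jane.doe@examp1e.com>
To: ap.clerk@example.com
Subject: Re: quick question
In-Reply-To: <b2@example.com>

Great. What details do you need to get a wire transfer processed today?
I will send the invoice over once it is done.
"""

LEGIT = """\
From: "Jane Doe" <jane.doe@example.com>
To: ap.clerk@example.com
Subject: Q3 board deck

Attached is the Q3 board deck for your review. Comments by Friday please.
"""

if __name__ == "__main__":
    for label, raw in (("opener", SCAM_OPENER), ("follow-up", SCAM_FOLLOWUP), ("legit", LEGIT)):
        inds, contact = analyze(raw)
        print(label, "->", inds or ["no indicators"])
        if inds and contact:
            print("  verify out of band via", contact)
```

The opener alone trips three indicators (spoofed display name, lookalike domain, conversational one-liner) even though it mentions no money, which is the point of the tactic; the follow-up adds the transfer language. The second return value implements the directory advice: when a message is flagged, the reviewer is pointed at the directory address rather than the one in the message.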