FBI warns of fake CEO attacks taking place via video conferencing systems

The FBI has issued a warning that organisations should be on their guard against BEC (Business Email Compromise) attacks involving virtual meeting platforms.

Typically BEC scams work through the exploitation of compromised business email accounts, using a variety of techniques to trick unsuspecting workers into transferring funds into a bank account under the control of the scammer.  Often this might involve the creation of convincing invoices for genuine work that is taking place, or a bogus instruction from a "boss" to move money into an overseas bank account.

In its alert, the FBI's Internet Crime Complaint Center (IC3) warns that it has received an increasing number of reports that BEC scammers are using virtual meeting platforms (such as video conferencing systems) to instruct workers to transfer funds to fraudulent accounts.

According to the warning, the use of virtual meeting platforms by criminals has increased since 2019 because of the rise in remote work because of the COVID-19 pandemic.

The FBI's IC3 draws attention to three methods through which BEC scams can be conducted via virtual meeting platforms:

• An senior employee, such as a CEO or CFO, might have their email account hacked.  A request is sent to a worker to participate in a virtual meeting platform where the scammer will claim that their video/audio is not working properly.  A still picture of the CEO may be displayed on the virtual platform with no audio, or - in some instances - with deepfake audio.  Employees are then instructed to initiate fund transfers via the chat functionality of the virtual meeting platform or a subsequent email.
• Compromising employee emails to insert themselves in workplace meetings via virtual meeting platforms to collect information on a business's day-to-day operations.
• Sending spoofed emails to employees from the compromised email account of the CEO (or another senior employee) instructing them to initiate fund transfers, as the CEO claims to be occupied in an online meeting and is thus unable to start the transfer of funds from their own PC.

The FBI advises companies and individuals to be on their guard against the use of virtual meeting platforms that are not normally used inside your particular office setting.  In addition, multi-factor authentication should be used to protect accounts better.

Furthermore, the FBI offers advice on checking links do not contain misspellings of a company's domain name, and that they do come from the business or individual they claim to be from.

In addition, the advisory reminds users to refrain from emailing login credentials or personal information of any sort via email, and to be wary of emails that request personal information.

Perhaps the best advice of all, however, is for businesses to have a formal method for initiating fund transfers that allow staff to double-check their veracity.  Such processes should be explained throughout the company, and it be made clear that no-one - not even the CEO of the business who might (or might not) be busy on a video call - can shortcut.

Last year, the FBI declared that BEC had caused over $1.8 billion worth of dollars in 2020 - a figure 64 times higher than the amount estimated to have been paid out to ransomware gangs.