The FBI has issued a warning that organisations should be on their guard against BEC (Business Email Compromise) attacks involving virtual meeting platforms.
Typically BEC scams work through the exploitation of compromised business email accounts, using a variety of techniques to trick unsuspecting workers into transferring funds into a bank account under the control of the scammer. Often this might involve the creation of convincing invoices for genuine work that is taking place, or a bogus instruction from a "boss" to move money into an overseas bank account.
In its alert, the FBI's Internet Crime Complaint Center (IC3) warns that it has received an increasing number of reports that BEC scammers are using virtual meeting platforms (such as video conferencing systems) to instruct workers to transfer funds to fraudulent accounts.
According to the warning, the use of virtual meeting platforms by criminals has increased since 2019 because of the rise in remote work because of the COVID-19 pandemic.
The FBI's IC3 draws attention to three methods through which BEC scams can be conducted via virtual meeting platforms:
The FBI advises companies and individuals to be on their guard against the use of virtual meeting platforms that are not normally used inside your particular office setting. In addition, multi-factor authentication should be used to protect accounts better.
Furthermore, the FBI offers advice on checking links do not contain misspellings of a company's domain name, and that they do come from the business or individual they claim to be from.
In addition, the advisory reminds users to refrain from emailing login credentials or personal information of any sort via email, and to be wary of emails that request personal information.
Perhaps the best advice of all, however, is for businesses to have a formal method for initiating fund transfers that allow staff to double-check their veracity. Such processes should be explained throughout the company, and it be made clear that no-one - not even the CEO of the business who might (or might not) be busy on a video call - can shortcut.
Last year, the FBI declared that BEC had caused over $1.8 billion worth of dollars in 2020 - a figure 64 times higher than the amount estimated to have been paid out to ransomware gangs.
tags
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
View all postsDecember 19, 2024
November 14, 2024