BEC Attacks: How Attorney Impersonation Works

Cases of attorney impersonation are on the rise and often, they are accompanied by fraudulent requests for money or sensitive information. Techniques, such as spoofing of email addresses, whereby an email address is impersonated in an effort to convince contacts to click on links or put themselves in similar online risk, are increasingly common in this era. This article focuses on attorney impersonation, depicting one of the most critical variants of social engineering schemes in the business email compromise (BEC) landscape.

Undoubtedly, executives are the best impersonation targets for cyber criminals. They commonly issue orders involving large sums of money or critical and sensitive data, and their orders are obeyed, sometimes without any question. Cyber attackers have learned to take advantage of this opportunity.

To carry out this crime, scammers go to great lengths to compromise or spoof company emails or to use social engineering to assume the identity of the CEO, executive, company attorney, trusted vendor or customer. The criminals do their homework to develop a good understanding of the victim’s normal business practices.

The scam is performed by compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds. Many times, the attack starts by involving an executive as the initiator of the malicious request. The email account of the executive is accessed by crooks and the request is made through a hacked or spoofed email address (more information about account compromised can be observed in
this article).

At the time of receiving the contact, several situations can happen, but two of the most common are:

  • Situation A: Employee receives an email from the CEO or company executive, claiming to be handling a confidential or time-sensitive transaction.
  • Situation B: Employee receives an email directly from an attorney, who is impersonated (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Pedro Tavares. Read the original post at: