How to Recover from a Business Email Compromise (BEC) Attack

Business email compromise (BEC) is one of the most devastating and costly cyber attacks of all time: it’s estimated that organizations lose over $130,000 per BEC incident.

According to the FBI, BEC attacks start with a phishing email, with the attacker either compromising the business email account via social engineering or using some computer intrusion technique, in order to transfer funds. It is easy for the cyber attacker to extract the job title, email address and other pertinent contact information by conducting a thorough LinkedIn search.

It is important to note that “scraping” tools are also available to dig deeper into these profiles and collect this contact information.

In 2016, many successful businesses and corporations were victimized by such attacks. Examples include Snapchat, Seagate and Sprouts Farmer’s Market. Pivotal Software (located in San Francisco) was impacted as well.

The security breach was initiated through a fake email from the CEO that requested confidential employee information. The W-2 information shared included employee names, addresses, taxpayer identification numbers, 2015 income details and social security numbers.

Unlike other types of cyber threats, a BEC attack does not always involve the use of malware. Because of this, hardly any forensic evidence is left behind, which makes it that much harder to track down the cyber attacker.

The financial impact, however, can be devastating and long-lasting. Once it’s discovered that the money transfer was unauthorized, every attempt should be made to recover the funds. This can be done by immediately contacting the FBI, which has a task force that specializes in these kinds of cyber crimes. Although the chances of recovering the funds are always slim and recovery could take a long time, this is still one of the best avenues

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Hannah George. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/o_cd4Xj-0eQ/