Frame-14

Privacy Ninja

        • DATA PROTECTION

        • Email Spoofing Prevention
        • Check if your organization email is vulnerable to hackers and put a stop to it. Receive your free test today!
        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • AntiHACK Phone
        • Boost your smartphone’s security with enterprise-level encryption, designed by digital forensics and counterintelligence experts, guaranteeing absolute privacy for you and up to 31 others, plus a guest user, through exclusive access.

        • CYBERSECURITY

        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$3,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Secure your digital frontiers with our API penetration testing service, meticulously designed to identify and fortify vulnerabilities, ensuring robust protection against cyber threats.

        • Network Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Mobile Penetration Testing
        • Strengthen your network’s defenses with our comprehensive penetration testing service, tailored to uncover and seal security gaps, safeguarding your infrastructure from cyber attacks.

        • Web Penetration Testing
        • Fortify your web presence with our specialized web penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats.

        • RAPID DIGITALISATION

        • OTHERS

FBI Warns of BEC Attackers Impersonating CEOs in Virtual Meetings

FBI Warns of BEC Attackers Impersonating CEOs in Virtual Meetings

The Federal Bureau of Investigation (FBI) warned today that US organizations and individuals are being increasingly targeted in BEC (business email compromise) attacks on virtual meeting platforms.

BEC scammers are known for using various tactics (including social engineering, phishing, and hacking) to compromise business email accounts with the end goal of redirecting payments to their own bank accounts.

In this type of attack, the crooks target small, medium, and large businesses alike, as well as individuals. The success rate is also very high since the fraudsters usually pose as someone the employees trust, like business partners or CEOs.

Also Read: 10 Principles On How To Build A Good Governance Model

Crooks impersonating CEOs in virtual meetings

In a Public Service Announcement issued today, the FBI said it noticed scammers switching to virtual meeting platforms matching the overall trend of businesses moving to remote work during the pandemic.

“Between 2019 through 2021, the FBI IC3 has received an increase of BEC complaints involving the use of virtual meeting platforms to instruct victims to send unauthorized transfers of funds to fraudulent accounts,” the FBI said [PDF].

As explained in FBI’s PSA, the criminals are using such collaboration platforms in their attacks in various ways, including impersonating CEOs in virtual meetings and infiltrating meetings to harvest business information:

  • Compromising an employer or financial director’s email, such as a CEO or CFO, and requesting employees to participate in a virtual meeting platform where the criminal will insert a still picture of the CEO with no audio, or “deep fake1” audio, and claim their video/audio is not properly working. They then proceed to instruct employees to initiate transfers of funds via the virtual meeting platform chat or in a follow-up email.
  • Compromising employee emails to insert themselves in workplace meetings via virtual meeting platforms to collect information on a business’s day-to-day operations.
  • Compromising an employer’s email, such as the CEO, and sending spoofed emails to employees instructing them to initiate transfers of funds, as the CEO claims to be occupied in a virtual meeting and unable to initiate a transfer of funds via their own computer.

BEC scams behind record financial losses

According to the FBI’s 2020 annual report on cybercrime, BEC scams are a very lucrative “business,” seeing that BEC attacks were behind a record number of complaints and financial losses of roughly $1.8 billion.

Also Read: The Importance Of DPIA And Its 3 Types Of Processing

This was the lion’s share out of the $4.2 billion officially lost to cybercrime by Americans in 2020.

Out of 791,790 complaints received by the FBI’s Internet Crime Complaint Center (IC3), 19,369 complaints were about BEC or email account compromise (EAC) scams.

The FBI also warned US private sector companies in March 2021 about BEC attacks increasingly targeting state, local, tribal, and territorial (SLTT) government entities.

In previous alerts, the FBI said BEC scammers abuse cloud email services such as Google G Suite and Microsoft Office 365, as well as email auto-forwarding in their attacks.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us