StopClone is able to eliminate BEC fraud before it happens. Included in packages 2, 3 and Blue Chip.
BEC (Business Email Compromise) fraud is on the rise, with small to medium-sized enterprises (SMEs) losing an average of £37,000.
BEC attacks are increasingly popular with cyber criminals as a way to steal money and information and to spread malware. A recent report by our researchers revealed that the top objective of such attacks is to trick recipients into transferring money into accounts controlled by cyber criminals. Attackers typically compromise the email accounts of CEOs and other top executives so that those accounts can be used to send messages to more junior staff members, impersonating the account holder to trick them into taking some action.
In this instance, attackers will pose as a company CEO or other company executive in an attempt to fool any level of employee — from intern to an accountant to human resources and everything in between — into executing unauthorized wire transfers or sending out confidential tax information. Often, there can be crossover here into social engineering attacks, which use psychological manipulation to trick people into divulging confidential information or providing access to funds.
Usually, CEO fraud phishing emails are social engineering, but they can sometimes be spear-phishing attacks (that is, the attacker spoofs the CEO and asks an employee to download a file).
As mentioned above, one of the biggest goals of cyberattacks is account takeover. This is one of the most devastating forms of BEC attack: it involves using phishing emails to hack an executive or employee account and then using those credentials to request invoice payments to vendors. Interestingly, this dovetails with reports that more than 56% of organizations report falling victim to a breach caused by their vendor.
Account takeovers may not be seen as being as destructive as ransomware or malware attacks, but they can cause huge financial loss to companies. They also almost always start with a social engineering attack that asks recipients to carry out unspecified tasks or hand over compromising information. Criminals then often lurk undetected for months in the back end of systems, learning communication patterns they can later exploit. This ecosystem is clearly still extremely vulnerable to hacking and phishing attacks, leaving a ripe opening for cybercriminals to abuse.
False invoice scheme
This is one of the top five major types of BEC scams. These attacks commonly target someone who works in a business’s financial department, such as an accountant. Savvy attackers will alter a legitimate invoice’s bank account numbers but leave the rest of the invoice unchanged, making it difficult to detect that it’s fraudulent. The possibilities from there are numerous: Some attackers increase the payment amount or create a double payment, among many strategies.
However it happens, the false invoice scheme involves using phishing emails to impersonate the accountant, the vendor, or both. These techniques are replicable in other prominent billing schemes, such as creating shell companies or making fraudulent purchases with organizational funds.