BEC Scammers Steal US$1.75 Million From an Ohio Church
Business email compromise (BEC) continues to be a bane to many organizations, with the FBI reporting that the scam cost businesses US$1.2 billion in 2018 alone. And it seems that BEC threat actors are expanding from their traditional enterprise victims toward nonprofit and religious organizations, with a recent incident involving a church.
On April 17, the Saint Ambrose Catholic Parish in Brunswick, Ohio, discovered that it had been the victim of a BEC attack. The church found out about the attack shortly after it was contacted by Marous Brothers Construction, one of its contractors, regarding its unpaid bills for its repair and restoration project. The bills added up to US$1.75 million — the same amount stolen by the perpetrators of the BEC attack.
According to the FBI, Saint Ambrose was made to believe that Marous Brothers had changed its bank account. The attackers managed to gain access to two employee email accounts. These accounts were then used to trick other members of the organization into wiring the payments into a bank account owned by the cybercriminals. Unbeknown to the parish, it had been sending its payments to a fraudulent bank account. Since the intended recipient — Marous Brothers — had not been getting the payments, the construction firm had to inquire as to why the church had been in arrears.
In a letter sent to parishioners, Saint Ambrose said that only the email accounts were compromised, with other data such as the church’s financial information and the parishioner database remaining safe. The letter also mentioned that the church would be reviewing its security strategy and systems to prevent similar incidents from happening in the future.
BEC beyond businesses
BEC, aka email account compromise or EAC, is a highly prevalent scheme used by crooks to quickly make bank. Most times, it does not require much technical skill, given its focus on tricking people into wiring money meant for trusted entities to bank accounts controlled by the criminals.
Despite its name, though, BEC is not limited to businesses only — organizations of all forms and sizes present lucrative targets to scammers as long as money is involved. The problem is exacerbated when considering that many of these organizations implement only the bare minimum of security in their networks and systems. And the reality is that it is often up to the members of the organizations to ensure that their environments are as secure as possible.
Here are some best practices to help prevent BEC attacks:
- Employees should always verify any fund transfer request, preferably by checking with the relevant person whether they actually did send the request.
- Emails should always be examined closely to check for any red flags. While many BEC threat actors try to make their messages as convincing as possible, there are often telltale signs that an email is not legitimate.
- Organizations should encourage their members to use stronger credentials and authentication methods for their online accounts. For example, using two-factor authentication (2FA) when available provides an additional layer of security beyond that of simple passwords.
Aside from these practical steps, enterprises can benefit from advanced technologies that can keep fraudsters from stealing substantial amounts of money from email-based attacks. Trend Micro’s email security products use artificial intelligence (AI) and machine learning to defend against BEC. This anti-BEC technology combines the knowledge of a security expert with a self-learning mathematical model to identify fake emails by looking at both behavioral factors and the intention of an email.
Trend Micro’s solutions also employ Writing Style DNA technology, which uses AI to properly and securely recognize the DNA of a user’s writing style based on past written emails to compare it with suspected fake emails. The Writing Style DNA is used by Cloud App Security™ and ScanMail™ Suite for Microsoft® Exchange™ solutions to cross-match a suspicious email’s writing style to the supposed sender’s using 7,000 writing characteristics as patterns, which include capitalization of words, usual sentence length, and the use of punctuation marks.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases