The public sector, particularly smaller government institutions, is becoming a frequent target of cybercriminals as of late, and not just for ransomware attacks but also for business email compromise (BEC). This week, Cabarrus County, North Carolina, announced that it lost US$1.7 million to a BEC scam after a series of email exchanges that began in November 2018. US$2.5 million was initially deposited to the scammers’ bank account, but the county was able to recover US$770,000 weeks later after it sought help from its bank.
On November 27, 2018, the Cabarrus County staff received an email requesting that the bank account for Branch and Associates Inc. — the general contractor for the building of Cabarrus County’s new high school — be changed. Upon receiving legitimate-looking documents, which included a signed updated electronic funds transfer (EFT) form and signed bank documentation, the county staff changed the vendor’s banking information.
In time for the county’s scheduled payment to the vendor on December 21, 2018, US$2,504,601 was deposited to the account fraudulently set up by the scammers. Subsequently, the scammers diverted the funds to multiple accounts.
The county’s attempt to recover stolen funds
On January 8, 2019, the Cabarrus school district and county offices were contacted by Branch and Associates’ valid representative to inquire about their missed payment. On the same day, the county reached out to the Cabarrus County Sheriff’s Office, which then launched an investigation and notified the Federal Bureau of Investigation (FBI).
The county also notified its bank, SunTrust, and US$776,518.40 of the $2,504,601 that remained in the scammer’s traceable accounts was recovered. The county also received US$75,000 worth of insurance claim payment. Alongside the investigation, the county also underwent vendor data validation and redesign of its vendor registration and maintenance processes.
According to a report by the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN), the amount BEC attackers attempted to steal reached an average of US$301 million per month since 2016. To stay one step ahead of BEC attackers, here are some best practices to follow:
Employees should always verify fund transfer and account update requests.
Emails should always be checked for any red flags. While many BEC attackers try to make their messages appear legitimate, there are many ways to tell if an email is impersonated.
Organizations should encourage their staff to use two-factor authentication (2FA) to provide an additional layer of security.
Apart from practical steps, organizations can look into adopting advanced technologies that can keep fraudsters from stealing money from email-based attacks such as BEC. For example, the Trend Micro™ Cloud App Security and ScanMail™ Suite for Microsoft® Exchange™ solutions employ Writing Style DNA — a technology that uses AI to properly and securely recognize the DNA of a user’s writing style based on past written emails to compare it with suspected fake emails. Writing Style DNA verifies the legitimacy of the email content’s writing style through a machine learning model that contains the legitimate email sender’s writing characteristics.
Like it? Add this infographic to your site: 1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).