Over $37 million lost in BEC scam
September 2019 by Mimecast
Following the news that a major car components manufacturer lost more than $37 million in a business email compromise (BEC) attack, Carl Wearn, Head of E-Crime at Mimecast, has a comment to offer.
Carl strongly believes that these attacks can be prevented with the correct awareness training. The onus lies on the decision makers within business, who are often quick to discuss the importance of cyber hygiene, but do not always practice what they preach.
Carl Wearn, Head of E-Crime & Cyber Investigation at Mimecast: “Impersonation emails, particularly those purporting to be trusted third parties or senior company officials, are increasing. Their sophistication is also increasing and I expect this trend to continue and potentially accelerate with the use of machine learning. Organisations need to ensure that processes are in place to verify any change in payment details via known trusted sources and means. Under no circumstances should an email alone be accepted on face value, even if claiming to be from a trusted source. These may additionally contain malware in any attachments.
“Individuals in particular positions of trust within any organisation, such as HR, Finance, IT administrators and senior company executives, need to be particularly vigilant for impersonation emails, and employees should also be wary and prepared to verify any payment or invoice-related requests received by email and supposedly from these key individuals. Criminals are increasingly actively seeking to exploit simple human processes and the trust between individuals and organisations to make money. As the use of this attack vector is increasing, organisations need to ensure verification processes are implemented as soon as possible. Without them, as this example shows, significant losses can result.”