FBI: BEC Scammers Now Impersonate Construction Companies
Because They Use No Malware or Malicious URLs That Standard Cyber Defenses Can Detect, These BEC Attacks Are Difficult to Trace.
The Federal Bureau of Investigation has recently warned that scammers are now posing as construction companies in business email compromise (BEC) attacks. The threat actors are targeting organizations from multiple U.S. critical infrastructure sectors.
BEC fraud is a scheme in which cybercriminals gain access to a legitimate business email account through social engineering or computer intrusion, impersonate an employee – often someone who can authorize payments – and instruct others in the company to transfer funds on their behalf.
According to FBI data, small and medium-sized organizations, or those with limited IT resources, are the most vulnerable to BEC scams because of the cost of robust cyber defenses.
Hackers trick the victims into conducting wire transfers that appear legitimate but are, in fact, unauthorized. The instructions direct the wire transfers to the cybercriminals’ domestic or foreign bank accounts. BEC victims reported losses of over $1.8 billion in 2020, which is a huge chunk of the $4.2 billion total.
The agency issued the warning through a TLP:GREEN Private Industry Notification that was sent to organizations to help cybersecurity professionals defend against these attacks.
How Do BEC Attacks Work?
In 2020, one of the most common schemes criminals used to trick people was impersonating government officials and reaching out to victims via emails, phone calls, and social media to gather personal information about them or to ask them for money.
In the recent BEC attacks, BleepingComputer reports that the scammers use information collected through online services on construction companies they impersonate and the customers they’re targeting.
Platforms used for harvesting valuable data (e.g., contact info, bid data, and project costs) include local and state government budget data portals, as well as subscription-based construction industry data aggregators. The information harvested by the attackers allows them to custom-tailor emails designed to exploit the business relationship between the victim and the construction contractors.
The scammers send emails asking victims to change direct deposit account and automated clearing house (ACH) information. The new account information leads to apparently legitimate bank accounts which are, in fact, under the threat actors’ control.
To make sure the victims cannot tell that the messages are fraudulent, the emails are sent from domains that spoof the contractors’ legitimate sites and carry the legitimate company logos and graphics.
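The pattern described above (a message from a look-alike contractor domain, or one whose display name claims a known contractor, asking to change direct deposit or ACH details) can be scored at the mail gateway before a payment request reaches accounts payable. The following Python is an added example written for this article, not FBI or Heimdal code; the vendor allow-list, the indicator phrases and the three sample messages are constructed, and a real deployment would read them from the vendor master file and mail headers.

```python
import re
from dataclasses import dataclass

# Constructed allow-list: contractor domains the organisation has verified out of band.
KNOWN_VENDOR_DOMAINS = {"acme-construction.example", "northbridge-builders.example"}

# Constructed indicator phrases for payment-redirection requests; tune against your own mail.
PAYMENT_CHANGE_PATTERNS = [
    r"\bACH\b",
    r"direct deposit",
    r"routing number",
    r"bank (account|details)",
    r"(update|change)\w* (our|the|your) (bank|payment|account)",
]


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot typo-squatted look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str):
    """Return the known vendor domain that `domain` imitates, or None if it is exact or unrelated."""
    if domain in KNOWN_VENDOR_DOMAINS:
        return None
    for known in KNOWN_VENDOR_DOMAINS:
        if levenshtein(domain, known) <= 2:
            return known
    return None


@dataclass
class Email:
    from_name: str
    from_addr: str
    reply_to: str  # empty string when the header is absent
    subject: str
    body: str


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].strip().lower()


def assess(mail: Email):
    """Return (score, reasons). A payment-change request alone scores 1; each
    sender-identity anomaly adds 2, so a request plus any anomaly reaches the hold threshold."""
    reasons = []
    score = 0
    sender = domain_of(mail.from_addr)
    reply = domain_of(mail.reply_to) if mail.reply_to else sender
    text = f"{mail.subject}\n{mail.body}"

    hits = [p for p in PAYMENT_CHANGE_PATTERNS if re.search(p, text, re.IGNORECASE)]
    if hits:
        score += 1
        reasons.append(f"requests a payment/deposit change ({len(hits)} indicator(s))")

    target = lookalike_of(sender)
    if target:
        score += 2
        reasons.append(f"sender domain {sender} resembles known vendor {target}")

    if reply != sender:
        score += 2
        reasons.append(f"Reply-To domain {reply} differs from sender domain {sender}")

    # Display name claims a known contractor, but the mail did not come from that contractor's domain.
    for known in KNOWN_VENDOR_DOMAINS:
        brand = known.split(".")[0].split("-")[0]  # "acme", "northbridge"
        if brand in mail.from_name.lower() and sender != known:
            score += 2
            reasons.append(f"display name claims {brand} but domain is {sender}")
            break
    return score, reasons


def verdict(mail: Email) -> str:
    """'hold' means route to a human who confirms the change using a phone number already on file."""
    score, _ = assess(mail)
    return "hold" if score >= 3 else "allow"


# Constructed sample messages: one genuine, one from a typo-squatted domain, one with a Reply-To swap.
SAMPLES = [
    Email("Acme Construction AP", "ap@acme-construction.example", "",
          "Q3 schedule", "Attached is the revised pour schedule for the parking structure."),
    Email("Acme Construction AP", "ap@acme-constructlon.example", "",
          "Updated remittance details",
          "Please update our bank account on file for ACH payments before the next invoice."),
    Email("Northbridge Builders", "billing@mail-relay.example", "finance.nb@webmail.example",
          "Direct deposit change",
          "Our direct deposit information has changed, see new routing number below."),
]

if __name__ == "__main__":
    for mail in SAMPLES:
        score, reasons = assess(mail)
        print(f"{verdict(mail):5} score={score} {mail.from_addr}: {reasons}")
```

The score is deliberately simple: a payment-change request from an exact, known vendor domain with no header anomalies still passes, so the check does not flood finance with holds, while the same request from a domain one character off, or with a mismatched Reply-To, is held for voice confirmation.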
To address these threats from a cybersecurity standpoint, implement multi-factor authentication as a default IT security policy. This helps prevent unauthorized access to email accounts, especially when an attacker attempts to log in from a new location.
Our Heimdal™ Email Security is a specialized add-on to any spam filter already in place. It pairs over 125 vectors to detect BEC fraud attempts and flag them properly. By combining email signature scans with word scans to detect changed IBAN codes and similar details, no suspicious detail will pass unnoticed.
Heimdal™ Email Fraud Prevention
- Deep content scanning for attachments and links;
- Phishing, spear phishing and man-in-the-email attacks;
- Advanced spam filters to protect against sophisticated attacks;
- Fraud prevention system against Business Email Compromise;