The United States Federal Bureau of Investigation (FBI) explained it has seen an increase in virtual meeting platforms being used to deceive users into sending payments to fraudulent accounts in attacks known as BEC scams. Business email compromise (BEC) scams, as the name implies, are usually carried out through email. Threat operators gain access to an executive’s email address and instruct employees or external business partners to send urgent or future payments to a new bank account controlled by the scammers or their money mules. While simple, the technique is extremely difficult to detect and has been the leading cause of cybercrime-related losses in the United States for the past five years, accounting for $1.8 billion in lost funds. However, the FBI stated in a security alert that the ongoing COVID-19 pandemic has caused companies to shift to online working and has also changed how recent BEC attacks are carried out. According to FBI data, from 2019 through 2021 the agency received an increasing number of reports of BEC-focused threat actors using virtual meeting platforms as part of their attacks.
Even though the agency did not provide any specific figures, it offered three examples of BEC scammers using virtual meeting tools in their attacks:
- Compromising an employer’s or financial director’s email and requesting that employees participate in a virtual meeting platform where the threat actor inserts a still image of the CEO with no audio, or “deep fake” audio, claiming that their audio and video are not working properly. They then instruct employees to initiate funds transfer through the virtual meeting platform chat or through a follow-up email.
- Using employee emails to infiltrate workplace meetings through virtual meeting platforms to collect information on companies’ day-to-day operations.
- Compromising an employer’s email and sending spoofed emails to employees instructing them to initiate funds transfer, claiming that the CEO is occupied in a virtual meeting and unable to initiate funds transfer through their own computer.
With the FBI’s warning, many employees are pressuring their employers to continue remote work indefinitely, meaning virtual meeting platforms will likely remain a mainstay in many companies’ work environments. To help companies understand the risks of possible BEC scams through this new communication medium, the FBI shared a series of recommendations and security settings that company system administrators will want to implement:
- Confirm the use of external virtual meeting platforms that aren’t normally used in their internal office setting.
- Verify requests for changes to account information using secondary channels or two-factor authentication.
- Make sure the URL in emails corresponds to the company and sender.
- Keep an eye out for links that contain misspellings of the actual domain name.
- Don’t send any login credentials or personally identifiable information (PII) through email. Keep in mind that many emails requesting personal information may appear legitimate.
- Verify the email address used to send emails, especially when using mobile or handheld devices, ensuring the sender’s address matches who it’s from.
- Ensure that full email extensions can be viewed by enabling the setting on employees’ computers.
- Regularly check personal financial accounts for anomalies, such as missing deposits.
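The URL, misspelled-domain and sender-address checks in the list above can be automated at the mail gateway or in a triage script. The following is an added example, not part of the FBI alert or SpearTip's tooling; the trusted domain `example-corp.com`, the edit-distance threshold of 2 and the sample message are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAIN = "example-corp.com"  # assumption: the organisation's real domain

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, trusted=TRUSTED_DOMAIN):
    """Return 'trusted', 'lookalike' (tail within 2 edits of trusted) or 'external'."""
    domain = domain.lower().rstrip(".")
    if domain == trusted or domain.endswith("." + trusted):
        return "trusted"
    tail = ".".join(domain.split(".")[-trusted.count(".") - 1:])
    return "lookalike" if edit_distance(tail, trusted) <= 2 else "external"

def review(raw_message):
    """List findings for one message: sender, Reply-To and link domains."""
    msg = message_from_string(raw_message)
    findings = []
    _, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    if classify(from_domain) != "trusted":
        findings.append(("from", from_domain, classify(from_domain)))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and reply_addr.rpartition("@")[2].lower() != from_domain:
        findings.append(("reply-to", reply_addr.rpartition("@")[2].lower(), "mismatch"))
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        host = urlparse(url).hostname or ""
        if classify(host) != "trusted":
            findings.append(("link", host, classify(host)))
    return findings

# Constructed sample message (not taken from the FBI alert or the article).
SAMPLE = """From: "CEO Jane Doe" <jane.doe@examp1e-corp.com>
Reply-To: payments@mail-relay.example.net
Subject: Urgent wire before my meeting ends

Join here: https://meet.example-c0rp.com/j/123 then confirm at https://example-corp.com/ap
"""
```

A finding is a reason to verify the request through a secondary channel, not proof of fraud: a compromised genuine mailbox passes every one of these checks.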
With this recent FBI warning about a new business email compromise tactic using virtual meeting platforms, it’s important for companies to remain vigilant about the latest threat landscape and regularly check emails to verify whether the sender’s email address is legitimate or suspicious. At SpearTip, our teams of certified engineers continuously monitor companies’ networks for potential threats, including BEC, at our 24/7/365 Security Operations Centers; they are ready to respond to breaches at a moment’s notice. SpearTip’s ShadowSpear Platform, which protects users against BEC, is an unparalleled resource that optimizes visibility and integrates with cloud, network, and endpoint devices to provide an extra layer of security in preventing cyber threats from impacting companies.
If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.