Chris Swagler | February 24th, 2022

The United States Federal Bureau of Investigation (FBI) explained it has seen an increase of virtual meeting platforms being used to deceive users into sending payments to fraudulent accounts in an attack known as BEC scams. Business email compromise (BEC) scams, as the name implies, are usually carried out through email. Threat operators gain access to an executive’s email address and instruct employees or external business partners to send urgent or future payments to a new bank account controlled by the scammers or their money mules. While simple, the technique is extremely difficult to detect and has been the leading cause of cybercrime-related losses in the United States for the past five years, accounting for $1.8 billion in lost funds. However, the FBI stated in a security alert that the ongoing COVID-19 pandemic has caused companies to shift to online working and has also impacted how recent BEC attacks are carried out. According to FBI data, from 2019 through 2021 they received an increasing number of reports of BEC-focused threat actors using virtual meeting platforms as part of their attacks.

Even though the agency did not provide any specific figures, it offered three examples of BEC scammers using virtual meeting tools in their attacks:

With the FBI’s warning, many employees are pressuring their employers to continue remote work indefinitely, meaning virtual meeting platforms will likely remain a mainstay in many companies’ work environments. The FBI shared a series of recommendations and security settings that company system administrators will want to implement hoping to help companies understand the risks of possible BEC scams through this new communication medium:

With this recent FBI warning about a new business email compromise tactic using virtual meeting platforms, it’s important for companies to remain vigilant on the latest threat landscape and regularly check emails to verify if the sender’s email address is legitimate or suspicious. At SpearTip, our teams of certified engineers are continuously monitoring companies’ networks for potential threats, including BEC at our 24/7/365 Security Operations Centers; they are ready to respond to breaches at a moment’s notice. SpearTip’s ShadowSpear Platform, which protects users against BEC, is an unparalleled resource that optimizes visibility and integrates with cloud, network, and endpoint devices to provide an extra layer of security in preventing cyber threats from impacting companies.

If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.