Hackers take advantage of mass work from home to rob companies

US, WASHINGTON (ORDO NEWS) — Fraudsters carefully study and observe for a long time their potential victims and their organizations for several months. Cybercriminals track employee behavior and upcoming transactions. The main goals are stocks, venture capital and accounting

Check Point researchers report that a massive shift to work from home motivates hackers to steal through bank transfers. Since everyone uses e-mail for their work, hackers use fraud in corporate correspondence, or, as it is also called, BEC (Business Email Compromise) fraud.

Literally, BEC translates as “compromising business email,” and is a type of fraudulent scheme that uses electronic transfers. Typically, BEC begins with cybercriminals who break into corporate mail and fake emails in order to impersonate one of the company’s top managers, usually the CEO or CFO.

Sometimes hackers pretend to be suppliers. Once inside the corporate network, the cybercriminal asks for seemingly legal payment. The letter looks very believable, and it seems that it is received from the head, so the employee submits. Typically, attackers request a transfer of money or checks for storage. Without knowing this, the employee transfers the funds to the selected bank account, which belongs to the hackers. It can then be difficult to identify and prosecute the hackers responsible, meaning many businesses may lose substantial amounts of money. While Computer Forensic Experts can help businesses gather evidence against hackers, sometimes cybercriminals escape prosecution.

In the case of BEC attacks, attackers use social engineering tactics to trick unsuspecting employees and managers. As already mentioned, they mimic the role of the CEO or any other manager authorized to make or request wire transfers. In addition, scammers carefully study the behavior and for a long time monitor their potential victims and their companies, tracking all upcoming transactions.

Typically, these scams were carried out by one person. Recently, however, Check Point researchers have noted that these frauds are becoming more sophisticated and classify them as organized crime. In April 2020, Check Point researchers published an article about how they uncovered a scheme in which a cyber gang, which researchers called the “Florentine banker,” earned $ 1.3 million between three private joint-stock companies.

For several months, members of the group studied the emails of their victims, manipulating correspondence, registering similar domains, and immediately cash out money. The emergency intervention of Check Point Incident Response led to the recovery of a little more than half of the stolen amount, the rest was lost forever.

Researchers believe that commercial organizations and venture companies are the main targets of BEC attacks, therefore it could be beneficial for them to learn more about the cybersecurity of their company. Since hackers know that large organizations often transfer significant amounts of money, these organizations also need to have a good understanding of exactly how hackers can take advantage of them. What stages can be distinguished in such an attack?

  • Observation After attackers gain control of the victim’s email account, they will begin to read emails. Cybercriminals can spend days, weeks, or even months doing intelligence, patiently mapping business schemes and standard procedures before actively interfering in communication
  • Control and isolation. Attackers begin to isolate the victim from third parties and colleagues, creating malicious mailbox rules. These email rules redirect any emails with filtered content or topics to a folder monitored by hackers, essentially creating a man-in-the-middle attack.
  • A similar setting. Attackers register similar domains, those that are visually similar to the legitimate domains of persons participating in the correspondence that they want to intercept. An attacker begins to send emails from similar domains. They either create a new dialogue, or continue the existing one, thereby deceiving the goal, believing that the source of the message is legal.
  • Money transfer request. Attackers begin to enter information about their bank account using two methods:
  • Interception of ordinary, legal transfers
  • Creating New Bank Transfer Requests
  • Money transfer. Cybercriminals control the correspondence until a third party approves new bank details and confirms the transaction. If the bank rejects the transaction due to a mismatch in the currency of the account, the name of the recipient, or for any other reason, the attackers try to fix all errors as quickly as possible until the money falls into their own hands.

how can they stay safe. We expect that in 2020 and in the future, attackers will have more opportunities, given the evolving culture of working from home.”

Here are some tips to protect your organization from BEC attacks:

  • Enable multi-factor authentication for business mail accounts. This type of authentication requires the input of several pieces of information for entering the system, for example, such as a password. The introduction of multi-factor authentication makes it difficult for cybercriminals to access email from employees.
  • Do not open emails from unknown senders. If you accidentally did this, do not click on the links or open the attachments, as they often contain malicious programs that gain access to your system.
  • Double check the sender’s email address. A fake email address often looks very similar to the email address of colleagues or partners.
  • Always check the transfer requirement before sending money or data. Design a standard workflow for employees to confirm email requests for bank transfers or confidential information.
  • Choose the option “forward” rather than “reply” when replying to business emails. When sending an email, the correct address must be entered manually or selected from the address book. Forwarding ensures that you use the correct recipient email address.


Contact us: [email protected]

Our Standards, Terms of Use: Standard Terms And Conditions.