
By John Wilson
It’s no secret that cyberattacks can happen to any business, and we should all be suspicious of messages from unfamiliar senders appearing in our email inboxes.
But surely, we can feel confident in email communications and requests from our organization’s executives and fellow coworkers, right? The short answer: Not always.
The reason is the rise in business email compromise (BEC) schemes. This type of targeted phishing or whaling (executive-level) attack tricks email recipients into believing someone they know and trust is asking them to carry out a specific financial task. Here are a few examples of how these insidious campaigns use the power of human relationships to defraud businesses via email:
Scenario 1. A CFO receives an urgent email request from the CEO asking her to pay a supplier invoice immediately. The CFO commonly carries out such tasks and arranges a wire transfer using the account information provided on the invoice. In actuality, the request is coming from a BEC fraud ring, and the payment details direct the funds to an account controlled by the attackers.