Executive impersonation schemes, categorized by the FBI as business email compromise (BEC) scams, are on the rise, reports Jaclyn Jaeger of Compliance Week.
According to the FBI’s Internet Crime Complaint Center (IC3), BEC scams have affected more than 22,000 domestic and international victims, resulting in $3 billion worth of losses.
Unlike in regular phishing attacks, the malicious actors behind these schemes research both the victim and the executive they are impersonating in order to appear convincing enough to get what they need, Jaeger writes. Information can be gleaned from pretty much anywhere, including publicly available sources like social media and company websites.
According to Jaeger, this knowledge is used to craft emails that appear to come from an executive’s third-party email account, offering excuses such as “I’m working remotely and don’t have access to work email” for why the email is not coming from a work account.
There are a number of red flags you can look for, such as an element of secrecy or urgency, Jaeger writes. More importantly, basic cybersecurity awareness can help determine the validity of these requests. MediaPro’s Steve Conrad tells Jaeger:
“People need to just be aware of what those (red flags) are through communication and education to really help them understand what to look for in those instances.”
As Conrad mentions, employee awareness and education are both crucial in successfully identifying these threats:
“Risks change all the time,” Conrad says. Executive impersonation schemes, for example, weren’t on the radar two years ago. “How many training programs have something like this? They don’t. As these new risks come up, you need to get these training nuggets out to the right people as soon as you can,” Conrad says. “People need to look at the ongoing education as a process not an event.”
Note: The article requires a subscription to view in full.