As an email security company, we see all sorts of attacks and scams. It's why our Attack Briefs uncover so many new hacking trends.
We use that information to continually train and update our AI and machine learning algorithms.
One of those attacks we saw recently was a standard Business Email Compromise attack. It was "sent" from our CEO Gil Friedrich to our lead threat hunter Michael Landewe. It looks like this:
There are a few issues here. One, the email address attributed to Friedrich is not his. Two, there are grammar errors all over the place. This was easy to spot.
The one thing that stood out was that they asked for a cell phone number. So, using a seldom-used Google Voice account, we followed up:
So, our "Gil" wanted $2,000 worth of gift cards, and was not thrilled with the idea of getting gift cards from somewhere other than a store. Why's that? Scammers don't like virtual cards because they can be traced back. Physical cards, however, or at least the photo of the code, can be sold for fifty cents on the dollar on the dark web.
Gift card BEC scams are actually quite popular. The Internet Crime Complaint Center tracked a 1,240% increase in these types of attacks in 2018. And at the beginning of the COVID-19 pandemic, scammers were asking victims to buy gift cards to help purchase PPE.
Stopping Business Email Compromise attacks can be really difficult. And that's why they are popping up at a record pace. Just last week, the FBI said it was investigating a potential $15 million BEC scam, affecting over 150 companies.
The key to recognizing and stopping BEC attacks is internal context. On deployment day, Avanan scans one year's worth of email conversations to build a trusted reputation network, using role-based and contextual analysis to identify threats. Avanan knows that the communication from our "Gil" is out of the ordinary. For an SEG, it would be the first time it ever saw such an email.
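To illustrate how internal context exposes the message above, the following added example (not Avanan's code or method) builds a sender baseline from past mail and flags a message whose display name is known but whose address has never been used by that name. The example.com addresses, message bodies, keyword list and function names are all constructed assumptions.

```python
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

# Constructed sample data: past mail standing in for a year of history.
HISTORY = [
    "From: Gil Friedrich <gil@example.com>\nTo: michael@example.com\nSubject: Q3 roadmap\n\nNotes attached.",
    "From: Gil Friedrich <gil@example.com>\nTo: michael@example.com\nSubject: Board prep\n\nSee agenda.",
    "From: Michael Landewe <michael@example.com>\nTo: gil@example.com\nSubject: Re: Board prep\n\nWill do.",
]
# Constructed new message modelled on the lure described in the post.
SUSPECT = (
    "From: Gil Friedrich <ceo.office1@mail.example.net>\nTo: michael@example.com\n"
    "Subject: Quick task\n\nAre you available? Send me your cell phone number, "
    "i need you to get some gift cards."
)
REQUEST_TERMS = ("gift card", "cell phone", "phone number")  # assumed keyword list


def norm(name):
    """Case- and whitespace-insensitive form of a display name."""
    return " ".join(name.lower().split())


def build_baseline(raw_messages):
    """Map each display name to the set of addresses it has used before."""
    seen = defaultdict(set)
    for raw in raw_messages:
        name, addr = parseaddr(message_from_string(raw)["From"])
        seen[norm(name)].add(addr.lower())
    return seen


def score(raw, baseline):
    """Return the list of reasons a message deviates from the baseline."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg["From"])
    reasons = []
    known = baseline.get(norm(name))
    if known and addr.lower() not in known:
        reasons.append("display name known, address never seen for it")
    if not known:
        reasons.append("first contact from this display name")
    body = msg.get_payload().lower()
    hits = [t for t in REQUEST_TERMS if t in body]
    if hits:
        reasons.append("request terms: " + ", ".join(hits))
    return reasons
```

A filter with no history would only have the keyword signal to go on; the baseline is what turns a plausible-looking name into a mismatch.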
Here's the thing: Not every BEC attack will be so simple to identify. And because they continue to increase, it's going to be even harder to stop them.