Email compromise is one of the biggest information security threats and can significantly impact a business
Email correspondence is second nature in today’s digital world because of the inherent advantages it affords. Foremost among them: it provides a dated written record that can be easily located and reviewed whenever required, and it can be sent in the middle of the night for the recipient to read whenever she or he is comfortable checking the mailbox. One of the most exciting things about email is that it can be accessed from anywhere in the world on a host of different devices. Today it is integral to daily life, but what happens when someone hacks your email account?
Cyber Attacks that Shocked Businesses
Recently, two big Indian conglomerates were forced to pay $5 million each in order to prevent hackers from disclosing information. In one case, the company's email system was compromised, while in the other, hackers gained remote access to the company's IT system to steal sensitive information. The attackers kept reading and even downloading all correspondence between employees and valued clients. The companies were told to pay $5 million or face grim consequences.
In another widely discussed case, the Oil and Natural Gas Corporation Limited (ONGC) lost Rs 197 crore after cyber criminals duplicated the public sector firm’s official e-mail address with minor changes and used it to convince a Saudi Arabia-based client to transfer payments into their bank account. These days, hacking is not restricted to corporations; it is a big threat for VVIPs too. A few months back, the email account of the finance ministry spokesperson was hacked by someone purportedly in the United Kingdom.
A Global Concern That Needs to Be Resolved Smartly
According to a public service announcement released by the Internet Crime Complaint Center (IC3), between October 1, 2013, and December 1, 2014, nearly 1200 people in the US and a little over 900 in other parts of the world became victims of this malpractice.
Hackers usually target businesses that work with foreign clients or suppliers and make monetary transactions on a regular basis. They usually attack using compromised email accounts as the springboard for diverting company funds meant for legitimate vendors. Most of the banks to which these illegitimate funds were transferred are based in China and Hong Kong. High-level executives such as CEOs, CFOs and CXOs are more prone to such types of attacks.
Types of Business Email Compromise (BEC)
Email hacking is the latest and probably one of the biggest challenges for information security. It targets the weakest link in the IT security landscape and unaware users. Primarily, three types of Business Email Compromise (BEC) scams are taking place these days.
1. Mail Compromise of the Senior Partners in the Organization
Hackers break into the mail IDs of users in the Finance department using a simple phishing scam in which the user is asked to change his user name and password in a mail seemingly originating from the IT department. Once the mailbox is compromised, client details are identified from the mails. Invoices are then resent to the client with one small difference: the bank account details are changed. Once the client pays, the funds are immediately diverted to different banks, from where they are withdrawn and siphoned off.
2. Spoofing the Identity of the Organization
The email sender impersonates an executive at another company. The spoofed sender info uses look-alike domain names that closely resemble the corporate domain names of the organization being impersonated. The spoofed sender appears to be with an actual reseller or distributor with a pre-existing corporate relationship with the targeted organization. The body of the email instructs the target to pay all new or outstanding invoices via wire transfer to a new bank account. Attached to the email is a PDF containing wire-transfer instructions, including a bank name and account number.
3. Poaching into Social Media Accounts
Attackers collect mail IDs and other useful information from professional and social media websites such as Naukri and LinkedIn.
How to Counter Business Email Compromise (BEC)
There are multiple steps that organizations need to follow to protect their businesses from email compromise:
1. It is important for an organization to sensitize its employees to these scams so that any suspicious mail or activity is reported to the IT team.
2. Organizations should adopt Two Factor Authentication with their mail exchange servers, which severely impacts the functionality of downloading mails on Outlook or phone. Today, it is possible to integrate mail accounts such as Outlook, Thunderbird, and protocols such as POP / IMAP or MAPI directly with Two Factor Authentication. This way, it is extremely convenient for users to secure their credentials.
3. Finally, users can add digital signatures to their mails to validate the authenticity of the mails.
The author is a consultant for AuthShield Labs