
FBI Warning Businesses About Scam

July 7, 2016 | May 25th, 2021 | Blog, Cybersecurity

The FBI has issued an official warning about a new scam that hackers are using, and it’s costing businesses big bucks. According to the FBI, BEC (Business Email Compromise) has already cost the business community more than three billion dollars, and that figure grows by the day. In fact, just last year, the FBI estimated that total losses were barely above the one-billion-dollar mark, so clearly, the scam is catching on and gaining momentum.

Unlike other scams, this one is decidedly low-tech and, compared to some of the other threats we’ve seen, not terribly sophisticated. That is, in fact, what makes it so dangerous. The key mechanism here is pure social engineering. The hackers study a given business’s typical workflow and insert themselves into it, spoofing the email address of a CEO or other high-ranking corporate official and requesting a wire transfer. Wanting to make a good impression on “the boss,” most employees who get this kind of email obey without question, and therein lies the problem.

Some experts have suggested that corporate email users immediately adopt two-factor authentication for email logins, but these experts miss a key point in the attack’s structure. The hackers aren’t hacking into email accounts, and because they aren’t, two-factor authentication (while a good idea in theory) won’t actually prevent these types of attacks. A better solution, then, would be to put in place domain authentication routines, which would be able to ferret out spoofed emails and differentiate them from mail sent from actual corporate email accounts. Even this is not a perfect solution, but it would go a long way toward solving the problem.
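One way such a domain authentication check could look, as an added example that is not from the original post or the FBI warning. It assumes the receiving mail gateway records SPF/DKIM/DMARC results in an `Authentication-Results` header, which the article does not specify; `example.com`, `mx.example.com`, the executive name and all sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this sketch (none of these names come from the article):
CORP_DOMAIN = "example.com"          # the organisation's own mail domain
TRUSTED_AUTHSERV = "mx.example.com"  # authserv-id stamped by our inbound gateway
EXEC_NAMES = {"pat morgan"}          # display names worth protecting

def dmarc_verdict(msg):
    """DMARC result from our gateway's Authentication-Results header only.
    Headers carrying any other authserv-id may have been added by the sender."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue
        m = re.search(r"\bdmarc=(\w+)", results)
        if m:
            return m.group(1).lower()
    return "none"

def classify(raw):
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain == CORP_DOMAIN:
        # Our own domain in From: accept only if the gateway saw DMARC pass.
        return "authenticated" if dmarc_verdict(msg) == "pass" else "spoofed-domain"
    if name.strip().lower() in EXEC_NAMES:
        # Authentication can pass for the sender's own domain, so an executive's
        # name on outside mail still needs a human check.
        return "exec-name-from-outside"
    return "external"

def sample(from_hdr, auth):  # constructed test messages, not real mail
    return (f"Authentication-Results: {auth}\nFrom: {from_hdr}\n"
            "Subject: Wire transfer\n\nPlease send the payment today.\n")

BOSS = '"Pat Morgan" <pat.morgan@example.com>'
GENUINE = sample(BOSS, "mx.example.com; spf=pass; dkim=pass; dmarc=pass header.from=example.com")
SPOOFED = sample(BOSS, "mx.example.com; spf=fail; dkim=none; dmarc=fail header.from=example.com")
FORGED_HDR = sample(BOSS, "mail.sender.test; dmarc=pass header.from=example.com")
OUTSIDE = sample('"Pat Morgan" <pat@mail.test>', "mx.example.com; dmarc=pass header.from=mail.test")

if __name__ == "__main__":
    for label, raw in [("genuine", GENUINE), ("spoofed", SPOOFED),
                       ("forged header", FORGED_HDR), ("outside", OUTSIDE)]:
        print(f"{label:14} -> {classify(raw)}")
```

The last sample shows why this is not a perfect solution: a message from an outside domain can pass authentication for that domain, so the check only proves which domain sent the mail, not who the sender is.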

At the end of the day, however, what it comes down to is better employee training. If your employees are made aware of these types of attacks and the risks they pose, then they’ll be much more likely to use some non-computer type of verification (a phone call to the boss, for instance, to be sure that he or she was the one who actually requested the transfer). Social engineering scams are harder to beat than traditional hacks, but that doesn’t mean they’re impossible to prevent.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over 20 years. He believes that having a great work environment and a supportive team is the ultimate key to success. In his more than 25 years in the IT realm, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor’s degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMware VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.