The FBI recently revealed a case of business e-mail compromise that targeted an unnamed company in the United States through a deceptive email.
In the email, the company's CEO, who was out of the country on vacation, purportedly asked the corporate accountant to transfer more than $700,000 to a bank in China that same day.
The accountant discovered the following day that the email was fraudulent when the CEO denied, during a phone call, that he had requested the transfer.
According to the FBI, the email was part of a type of financial fraud that has grown more sophisticated over the years and has found extensive use in schemes targeting mobile devices that connect to corporate networks. The FBI acknowledges that this deceptive email was more advanced and complex than previous business e-mail compromise attempts.
In the age of social media, when almost everyone shares moments of their lives on Facebook or Twitter, nothing can be more susceptible to attack than the users themselves.
Thousands of companies in the United States have fallen victim to this form of social engineering, by the FBI's count, with financial losses reaching more than $700 million since 2013. The targets are most often small and mid-sized firms.
The culprits responsible for these attacks are advanced hackers working for large crime organizations in Africa, Eastern Europe and the Middle East, where they operate from hidden rooms, mining data from social media and other websites to build fraudulent schemes that target unsuspecting users through, for example, lottery spam emails. I am quite sure you do not lack for messages like this in your spam folder now.
Hackers monitor not only data from social networking sites with large user bases, such as Facebook, LinkedIn, Twitter, Instagram and others, but also information from connected devices in what is popularly called the Internet of Things, as well as data from smart wearables, which are widely used by people who are increasingly concerned about their health. Most wearables nowadays are accompanied by health apps that monitor pulse rate, blood pressure and other health-related data.
To minimize the attack surface available to hackers, install the necessary security tools for your email. Many security vendors offer software for detecting email-based fraud. Also, learn about the many ways hackers target users, from the most basic to the most sophisticated.