Peterborough, a town in New Hampshire, was recently targeted by BEC scammers who were able to divert a number of bank transfers before being discovered.
This occurred when the cybercriminals sent forged documents to workers in the town's Finance Department, asking them to amend the account information for a range of different payments. The scam was complex and involved more than one email exchange between workers. It is clear that the cybercriminals had done in-depth research to identify the most valuable transactions to target.
The scam was first identified when the ConVal School District alerted the town that it had never received a $1.2 million transfer of funds that had been. Peterborough officials looked into this and confirmed that the transfer had been made. However, the investigation also confirmed that the bank account details had been changed and that two large bank transfers to the contractor in question had been sent to hacker-controlled accounts. Overall, $2.3m was stolen in the attack.
BEC attacks are complex in nature. Cybercriminals are highly skilled at conducting these campaigns and can easily fool finance department workers into believing that a request sent by email comes from the CEO, CFO, or a vendor, since the authentic email account is being used. The hackers also research the type of emails normally sent by the owner of the account and copy that style to avoid detection.
Organizations need a process that blocks the initial attack vector and detects scams in time to prevent any fraudulent transfers of funds. The main security measure against this type of attack is a spam filtering solution, which will block the first phishing email used to obtain the credentials for internal email accounts. SpamTitan uses a variety of features to spot and quarantine these phishing emails, including machine learning technology that can identify email messages that differ from the messages normally received by staff members. Outbound scanning is used to detect phishing attacks when the cybercriminals attempt to use employee email accounts to infiltrate the accounts of their final target (the CFO or CEO). Rules can also be set to flag attempts to share sensitive data, such as W-2 forms, by email.
Along with spam filtering, it is crucial for organizations to raise awareness of the threat of BEC attacks among their staff, particularly among workers in the finance department. Policies and processes should also be implemented that require any change to payment details to be verified by telephone using previously confirmed contact details. Taking these simple steps can be the difference between stopping an attack and sending millions of dollars directly to the hackers' accounts.
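The telephone verification rule described above can be enforced in the payment workflow itself. The following is an added example, not code from this article or from TitanHQ; the Vendor record, function names, phone numbers and account strings are all hypothetical, constructed values.

```python
from dataclasses import dataclass
from typing import Optional


def digits(phone: str) -> str:
    """Compare phone numbers on digits only, ignoring punctuation."""
    return "".join(ch for ch in phone if ch.isdigit())


@dataclass
class Vendor:
    name: str
    phone_on_file: str              # confirmed at onboarding, before any request
    account: str                    # account payments are actually sent to
    pending_account: Optional[str] = None


def submit_change(vendor: Vendor, new_account: str,
                  phone_in_request: Optional[str] = None) -> dict:
    """Stage an emailed change. The sender address is deliberately not an
    input: in a BEC attack the genuine mailbox is the one being abused."""
    notes = []
    if phone_in_request and digits(phone_in_request) != digits(vendor.phone_on_file):
        notes.append("request supplies a new phone number; do not call it")
    vendor.pending_account = new_account
    return {"status": "HOLD", "call": vendor.phone_on_file, "notes": notes}


def record_callback(vendor: Vendor, dialed: str, vendor_confirmed: bool) -> str:
    """Activate or discard the staged account after the phone call."""
    if vendor.pending_account is None:
        raise ValueError("no change is pending")
    if digits(dialed) != digits(vendor.phone_on_file):
        raise ValueError("callback must use the number already on file")
    if vendor_confirmed:
        vendor.account = vendor.pending_account
    vendor.pending_account = None
    return vendor.account


def payee_account(vendor: Vendor) -> str:
    """Payment runs read only the verified account, never a pending one."""
    return vendor.account


if __name__ == "__main__":
    v = Vendor("Example Contractor", "603-555-0100", "ACCT-OLD-0001")  # constructed
    print(submit_change(v, "ACCT-NEW-9999", phone_in_request="603-555-0199"))
    print(payee_account(v))  # unchanged until the callback succeeds
```

Because the requested account is only staged, a payment run that takes place before the callback still goes to the previously verified account.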
Contact the TitanHQ team now if you wish to enhance your cybersecurity measures in the face of BEC and phishing attacks.