The Federal Bureau of Investigation (FBI) issued a warning recently that BEC (business email compromise) cyberattacks on virtual meeting platforms are becoming increasingly common. BEC fraudsters are notorious for compromising company email accounts using different approaches (including social engineering, phishing, and hacking) to route money to their bank accounts.
The malicious actors target small, medium, and big enterprises, as well as people, in this form of attack. The success rate is likewise relatively high because cybercriminals frequently act as someone employees trust, such as business partners or CEOs. Recently, the FBI claimed in a Public Service Announcement that fraudsters were migrating to virtual meeting platforms, which matched the more significant trend of firms going to remote work during the epidemic.
“Between 2019 through 2021, the FBI IC3 has received an increase of BEC complaints involving the use of virtual meeting platforms to instruct victims to send unauthorized transfers of funds to fraudulent accounts,” said the FBI. According to the FBI’s public service announcement, fraudsters use such collaboration platforms in various ways, including impersonating CEOs in virtual meetings and infiltrating meetings to get corporate information:
- Compromise an employer’s or financial director’s email, such as a CFO’s or CEO’s, and request that employees take part in a virtual meeting platform where the criminal will insert a still image of the CEO with no audio, or “deep fake1” audio, and claim that their video/audio is not working correctly. They then urge staff to start financial transfers using the virtual meeting platform chat or an email follow-up.
- Compromise an employer’s email, such as the CEO’s, and send faked emails to workers asking them to execute funds transfers, claiming that the CEO is involved in a virtual conference and unable to initiate cash transfers through their computer.
- Using employee emails to infiltrate workplace meetings via virtual meeting platforms to gather data on a company’s day-to-day activities.
According to the FBI’s annual report on cybercrime for 2020, BEC scams are a very profitable “business,” with BEC assaults accounting for a record number of complaints and $1.8 billion in financial damages. BEC or email account compromise (EAC) schemes were the subject of 19,369 of the 791,790 complaints received by the FBI’s Internet Crime Complaint Center (IC3). According to the FBI, BEC attacks are increasingly targeting state, local, tribal, and territorial (SLTT) government institutions, which issued a warning to US private sector firms in March 2021.