KnowBe4 issued a warning about a new scam using ransomware to target high level business executives. The threat is being called a “Business E-Mail Compromise” (BEC) by the FBI and leads to a version of a man-in-the-middle scam that targets a company’s CEO, CTO, CFO, and/or Controller. The C-level exec receives a business email from an existing, well-known vendor requesting a wire transfer to a specific bank account. The email looks legit, comes from a known, trusted business associate, and is about a recent delivery or transaction.
Stu Sjouwerman, KnowBe4’s CEO said, “This attack is particularly insidious. By the time the request comes in, the bad guys have already penetrated your network and have been monitoring and studying what went on for considerable time. They can accurately identify the individuals and protocols to perform wire transfers within your specific business environment.”
In the last 14 months there have been 1198 victims within the U.S resulting in a loss of $180M dollars.The wire transfers get rapidly forwarded and usually wind up at banks in Hong Kong. The Internet Crime Complaint Center (IC3) cited China and Hong Kong as the most commonly reported ending destination for the fraudulent transfers.
The IC3 alert said: "Victims may also first receive “phishing” e-mails requesting additional details of the business or individual being targeted (name, travel dates, etc.) Some victims reported being a victim of various scareware or ransomware cyber intrusions, immediately preceding a BEC scam request."
Sjouwerman suggests IT managers take the following precautionary steps:
“Alert your execs. These scams are getting more sophisticated by the month so be on the lookout.
Grab this free Social Engineering Red Flags PDF, print and laminate it, and give it to your C-level execs. https://s3.amazonaws.com/knowbe4.cdn/SocialEngineeringRedFlags.pdf
Read the IC3 Alert in full, and apply their Suggestions For Protection.https://www.ic3.gov/media/2015/150122.aspx
Step employees through an effective program like Kevin Mitnick Security Awareness Training to prevent social engineering attacks like this from getting through. “
For more information, visit www.KnowBe4.com.
About Stu Sjouwerman and KnowBe4
Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, LLC, which provides web-based Security Awareness Training (employee security education and behavior management) to small and medium-sized enterprises. A data security expert with more than 30 years in the IT industry, Sjouwerman was the co-founder of Inc. 500 company Sunbelt Software, an award-winning anti-malware software company that he and his partner sold to GFI Software in 2010. Realizing that the human element of security was being seriously neglected, Sjouwerman decided to help entrepreneurs tackle cybercrime tactics through advanced security awareness training. KnowBe4 services hundreds of customers in a variety of industries, including highly-regulated fields such as healthcare, finance and insurance and is experiencing explosive growth with a surge of 427% in 2013 alone. Sjouwerman is the author of four books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses.
About Kevin Mitnick
Kevin Mitnick is an internationally recognized computer security expert with extensive experience in exposing the vulnerabilities of complex operating systems and telecommunications devices. He gained notoriety as a highly skilled hacker who penetrated some of the most resilient computer systems ever developed. Today, Mitnick is renowned as an information security consultant and speaker, and has authoreIn cd three books, including The New York Times best seller Ghost in the Wires. His latest endeavor is a collaboration with KnowBe4, LLC.