By Bruce Sussman
Tue | Mar 17, 2020 | 9:09 AM PDT

From time to time, the FBI sends its partners in industry a Private Industry Notification (PIN) about pervasive cyberattacks.

And according to Bleeping Computer, the latest PIN went out this month regarding Business Email Compromise (BEC).

The US Federal Bureau of Investigation warned private industry partners of threat actors abusing Microsoft Office 365 and Google G Suite as part of Business Email Compromise attacks.

"The scams are initiated through specifically developed phish kits designed to mimic the cloud-based email services in order to compromise business email accounts and request or misdirect transfers of funds," the FBI said in a Private Industry Notification from March 3.

The U.S. government says global BEC losses hit $26 billion between June 2016 and June 2019. Do you ever wonder how hackers can get their hands on that much money?

SecureWorld interviewed the top BEC investigator at the U.S. Secret Service about this ongoing cyber risk. 

Special Agent Chris McMahon delivered the keynote at a 2019 SecureWorld conference and discussed what he calls the Enterprise Business Model of Cybercrime.

"If you think about it, $26 billion is a staggering amount of money. It is surprising, in a sense, where bad actors can get their hands on that type of money, or at least attempted to get their hands on that type of money. But at the end of the day they do work at this. This is what they do for a living.

"They spend their time focusing on the vulnerable people, they focus on businesses where they can compromise them, or accounts where they can just launder the money. And so that number is going to be even higher."

Listen to our complete podcast interview with Chris McMahon to help your organization understand the topic of BEC:

Says McMahon:

"As we've investigated these types of crimes and arrested people and been able to interview the bad actors, what we find is that these criminal organizations, and that's truly what they are... they're very good at what they do. And they run just like an actual business."

And at a time when much of the world is working remotely, cybercriminals may be doubling down on efforts to compromise your network through phishing kits that mimic Office 365 and Google's G Suite.
