BEC Fraudsters Divert $742,000 From Ocala City In Florida – Expert Comments

By   ISBuzz Team
Writer , Information Security Buzz | Nov 06, 2019 09:11 am PST

The City of Ocala in Florida fell victim to a business email compromise scam (BEC) that ended with redirecting over $742,000 to a bank account controlled by the fraudster(s).

The swindle involved a phishing email impersonating an employee of a construction company the city is using to build a new terminal at the Ocala International Airport.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Tarik Saleh
Tarik Saleh , Senior Security Engineer and Malware Researcher
November 6, 2019 5:14 pm

These type of attacks are an example of low-sophistication with high-reward. BEC attacks commonly involve malicious attachments with appropriate filenames such as ‘Purchase Order’ or ‘Invoice’ and typically are poisoned Office document files. This isn’t always the case though, as some successful BEC attacks can be done via only e-mails with no malware.

From a detection perspective, it’s sometimes more simple to detect malicious code being run on a computer versus a phishing e-mail that is grammatically benign.

BEC scammers typically have a deeper understanding of how to business transactions involving money are done. The more successful ones craft e-mails from fresh domains they’ve created (usually a spoof of their victims domain), ensure their e-mail grammar structure is correct and even other important details like Outlook signatures.

Mitigating and reducing the risks of BEC attacks are possible. Adjusting your e-mail server to enable DMARC is a great first step. DMARC is a protocol (Domain-based Message Authentication Reporting and Conformance) that specifically designed to help mitigate phishing attacks from attacker domains attempting to spoof your domain. MFA (Multi-Factor Authentication) on your e-mail accounts are critical to reducing the risk of a BEC scam. If an attacker manages to successfully phish an employee, they still will require a MFA token to successfully log in.

In addition, adjusting your business policies to require multiple forms of authentication before making a payment is appropriate. The risks of a business email compromise attack can be reduced by both technical and non-technical controls.

Last edited 4 years ago by Tarik Saleh

Recent Posts

Would love your thoughts, please comment.x