As companies rush to protect their networks and customer data, cybercriminals are targeting employees. In a new wave of phishing scams, employers that use direct deposit pay platforms have borne the brunt of insufficient security measures. Without reliable Irvine IT support, the losses due to business email compromise (BEC) could reach millions of dollars.
Scoring in Your Own Goal
To carry out these scams, the hackers first steal an employee’s data. On most occasions, though, employees unwittingly serve this information on a silver platter by oversharing about their jobs on social media. Armed with this, hackers can carry out a multipronged attack that fleeces large sums of money from the organization.
- The salary scam – The cybercriminals send an email to the HR department, impersonating a company employee whose personal data they have accessed. In the email, the scammers request a change to the employee’s payroll information and provide bogus new banking details that allow them to receive the employee’s payroll deposits. Without hawk-eyed Irvine IT support providers, this deception may go on for a while, because the emails look too legitimate to raise any eyebrows with the payroll team.
- Company payments scam – Another face of the direct deposit scam is company payments. The hackers impersonate a top executive at the company and send an email to the staff responsible for wire transfers. The email asks them to authorize a wire transfer to the provided account for ‘funding company operations’, but that account belongs to the scammer.
- The tax scam – The scammers could also impersonate management and request the W-2 forms together with the earnings and personal details of the company’s employees. The scammers then use this information to file fraudulent tax returns and get refunds from the IRS.
Threat Actors in Business Email Compromise
BEC attacks such as these are on the rise. The threat actors range from moderate to highly skilled hackers. The FBI reports that the losses due to BEC attacks reached $1.3 billion in 2018. Close to 6,029 businesses are targeted every month.
The scope of BEC attacks could be broader, including fraudulent billing, international transfers, and escrow payments. The hackers use some level of sophistication to make their requests appear real. That includes Remote Desktop Protocol, VPN infrastructure, and VoIP phones. They first steal critical company data before proceeding with phishing.
Defense Strategies Against BEC
- Email scanning and IP blocking
- Using company email accounts (avoid web-based emails)
- Multi-factor authentication for business email accounts
- Creating a culture of awareness and educating employees on cyber threats and the tactics attackers use
- Personal verification before sending money
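One way to approach the email scanning item above for the three scams this article describes, as an added example that is not from the original article. The company domain, the web-based email list, the keyword patterns and the sample messages are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"                       # assumption: the organization's mail domain
WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com"}  # assumption: short illustrative list

# One pattern per scam described in the article (the wording of each pattern is an assumption).
REQUEST_PATTERNS = {
    "payroll_change": re.compile(r"direct deposit|payroll|bank(ing)? (details|account)", re.I),
    "wire_transfer": re.compile(r"wire transfer", re.I),
    "w2_request": re.compile(r"\bW-?2\b", re.I),
}

# Constructed sample messages (single-part plain text), not real mail.
SAMPLES = {
    "spoofed_employee": "From: Jane Doe <jane.doe.hr@gmail.com>\nTo: payroll@example.com\n"
                        "Subject: Update my direct deposit\n\nPlease change my banking details.\n",
    "exec_wire": "From: CEO <ceo@example.com>\nReply-To: ceo@example.net\nTo: finance@example.com\n"
                 "Subject: Urgent\n\nAuthorize a wire transfer today for funding company operations.\n",
    "benign": "From: Jane Doe <jane.doe@example.com>\nTo: team@example.com\n"
              "Subject: Lunch\n\nTeam lunch on Friday.\n",
}

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def assess(raw_message):
    """Return (request_types, reasons) for one single-part RFC 5322 message."""
    msg = message_from_string(raw_message)
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    requests = sorted(k for k, p in REQUEST_PATTERNS.items() if p.search(text))
    reasons = []
    if requests:  # only money or data requests are worth scoring
        sender, reply = domain_of(msg.get("From")), domain_of(msg.get("Reply-To"))
        if sender != COMPANY_DOMAIN:
            reasons.append("sender outside company domain")
        if sender in WEBMAIL:
            reasons.append("web-based email sender")
        if reply and reply != sender:
            reasons.append("Reply-To differs from From")
    return requests, reasons

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, assess(raw))
```

A message that matches a request type but produces no reasons has only passed the header checks; it still falls under the personal verification item in the list.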
We Can Help
At Advanced Networks, we provide comprehensive Irvine IT support for businesses. We can help with cutting-edge security measures and education to safeguard your business from email scams and other related attacks. Contact us today to learn more.