The Jamaica Gleaner published an article on December 6, 2020, about a Business Email Cyber Threat. Here’s a summary:
All Jamaican businesses should be familiar with the BEC acronym, which is a Business Email Compromise that targets businesses by sending electronic payments or unsuspecting individuals amid real estate or legal transactions. The scheme is carried out by compromising email accounts, domain spoofing, or other computer intrusions to conflict with unauthorized transfers. These attacks have grown under the pandemic usually take 3 forms:
- Compromised client: a legitimate client is compromised then monitored to identify their payment methods then at a convenient time, a payment request is issued from the compromised client email or domain
- Third-party compromise: a vendor of the client is compromised and a false invoice is submitted to the uncompromised client.
- Spoofed client: The domain is spoofed to look like the clients and the payment instructions through spoofed emails
Because of this attack, losses were exceeding US$2.7 billion and an average of US$75,000 per case in 2019. Jamaica has its share of BEC losses as the banks have been losing an average of J$4 million monthly to hackers and the attacks are growing more sophisticated.
The scams are so sophisticated that they can even fool the most discerning users. Computers and other devices that have been infected with the sophisticated keylogging and screen-grabbing malware and fake email addresses designed to look like a real email, for example, “company. co” as opposed to “company.com”
To avoid such an attack, if there is suspicion, pick up the phone and call to verify and account-information change in person, don’t click on anything in an unsolicited email or text message asking for an update or verification of account information.
Source: jamaica-gleaner.com
Contributed by Racqhttp://jamaica-gleaner.com/article/business/20201206/business-email-cyber-threatuel Bailey from Jamaica. Racquel is a member of the WISC Discord group from the G5 Cyber Security Foundation Ltd. Learn more about WISC (Women in InfoSec Caribbean) at wiscaribbean.org. WISC is a non-profit initiative supporting Caribbean women and girls to develop a career in Information Security.