Flippin’ BEC. Sometimes say NO to the CEO!

Do you know what BEC stands for? Neither did we. It stands for Business Email Compromise, a social engineering attack against businesses which is very much on the up. So much on the up that we have seen a number of attacks against friends and family in the very recent past.

Here’s how the stunt works: using a spoofed email address, the attackers contact a member of the business, usually an employee in the accounts department, and ask them to make an emergency wire transfer to a third party on behalf of the CEO (the scam email appears to come from The Chief).

The dialogue in the email is usually very persuasive and draws the victim in with language such as ‘as ever, I value your total discretion and know I can trust you’.

Because the ‘Reply-To’ field in the mail sends replies to the perpetrator, a dialogue can then ensue without raising suspicions.

Estimates of losses to this sort of scam vary significantly but are certainly in the billions worldwide, so we urge you to be on your guard.

We would advise you to train all accounts staff appropriately and ensure that they escalate anything suspicious. It is always a good idea to confirm the actual email address (rather than the name) of a sender if you are suspicious and you should train your people on how to do this using your email client.
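The two header checks described above (where replies will actually go, and the real address behind the sender's display name) can also be automated at the mail gateway or in a triage script. This is an added example, not part of the original post; the domain `example.com`, the executive name and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: our own mail domain and executives' names.
ORG_DOMAINS = {"example.com"}
EXEC_NAMES = {"jane doe"}

def domain_of(addr):
    """Lower-cased domain part of an address ('' if there is none)."""
    return addr.rpartition("@")[2].lower()

def bec_indicators(raw_message):
    """Return the BEC warning signs found in a message's headers."""
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    findings = []
    # Replies would leave the apparent sender's domain.
    if reply_addr and domain_of(reply_addr) != domain_of(from_addr):
        findings.append("reply-to-domain-mismatch")
    # The name shown is an executive, but the address is not one of ours.
    if (from_name.strip().lower() in EXEC_NAMES
            and domain_of(from_addr) not in ORG_DOMAINS):
        findings.append("exec-display-name-external-address")
    return findings

# Constructed sample messages (headers, blank line, body).
SPOOFED = ("From: Jane Doe <jane.doe@example.com>\n"
           "Reply-To: Jane Doe <jane.doe@example-mail.test>\n"
           "Subject: Urgent wire transfer\n\n"
           "As ever, I value your total discretion.\n")
LOOKALIKE = ("From: Jane Doe <ceo.office@example-mail.test>\n"
             "Subject: Urgent wire transfer\n\nPlease action today.\n")
LEGIT = ("From: Jane Doe <jane.doe@example.com>\n"
         "Subject: Board pack\n\nAttached as discussed.\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("lookalike", LOOKALIKE),
                       ("legit", LEGIT)):
        print(label, bec_indicators(raw))
```

A non-empty result is a prompt to escalate and verify the request through another channel, not proof of fraud on its own.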

Education is, as ever, the most important component of protection.

A scary fact about these particular attacks is the level of research undertaken to identify the appropriate individuals – where does this information come from and what else do they know?

In other news, following on from the über compromises of Juniper and Fortinet, it is the turn of Cisco, whose ASA products have been found to have an issue in a piece of fragment reassembly code (IKE packets) that may enable an attacker to take a box off the air or perhaps take control of it remotely.

The SANS Institute is reporting increased IKE traffic, so this could get out of hand quite quickly. We are working through our customers and advising on an upgrade schedule as appropriate.

You can read the Cisco announcement here:

And the SANS detail here:

If you are not an ITC NetSure360° customer yet, get patching, and if anyone, customer or otherwise, wishes to discuss this vulnerability, wire scams or anything about information security, please get in touch with us at: 020 7517 3900 or email us at [email protected].

Happy Valentine’s Day. <3 (especially to our customers).