BEC Fraudsters Divert $742,000 From Ocala City In Florida – Expert Comments

The City of Ocala in Florida fell victim to a business email compromise (BEC) scam that ended with over $742,000 being redirected to a bank account controlled by the fraudster(s).

The swindle involved a phishing email impersonating an employee of a construction company the city is using to build a new terminal at the Ocala International Airport.


EXPERTS COMMENTS
Tarik Saleh, Senior Security Engineer and Malware Researcher, DomainTools
November 06, 2019
These types of attacks are an example of low-sophistication with high-reward. BEC attacks commonly involve malicious attachments with appropriate filenames such as ‘Purchase Order’ or ‘Invoice’ and typically are poisoned Office document files. This isn’t always the case though, as some successful BEC attacks can be done via only e-mails with no malware. From a detection perspective, it’s sometimes simpler to detect malicious code being run on a computer versus a phishing e-mail that is grammatically benign. BEC scammers typically have a deeper understanding of how business transactions involving money are done. The more successful ones craft e-mails from fresh domains they’ve created (usually a spoof of their victim’s domain), ensure their e-mail grammar structure is correct and even other important details like Outlook signatures.

Mitigating and reducing the risks of BEC attacks is possible. Adjusting your e-mail server to enable DMARC is a great first step. DMARC is a protocol (Domain-based Message Authentication Reporting and Conformance) that is specifically designed to help mitigate phishing attacks from attacker domains attempting to spoof your domain. MFA (Multi-Factor Authentication) on your e-mail accounts is critical to reducing the risk of a BEC scam. If an attacker manages to successfully phish an employee, they still will require an MFA token to successfully log in. In addition, adjusting your business policies to require multiple forms of authentication before making a payment is appropriate. The risks of a business email compromise attack can be reduced by both technical and non-technical controls.
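
As an added illustration of the DMARC step mentioned in the comment above (this is not code from the article or from DomainTools), the following Python sketch audits the text of a DMARC record for settings that leave the policy unenforced. It assumes the record has already been retrieved from the `_dmarc.<domain>` TXT entry; the sample records and `example.*` domains are constructed.

```python
# Added example: offline audit of DMARC TXT records (tags per RFC 7489).
# All records and example.* domains below are constructed samples.

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    pairs = []
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            pairs.append((key.strip().lower(), value.strip()))
    # The v tag must come first and must be exactly DMARC1.
    if not pairs or pairs[0] != ("v", "DMARC1"):
        return None
    return dict(pairs)

def audit_dmarc(txt):
    """Return a list of findings; an empty list means the policy is enforced."""
    tags = parse_dmarc(txt)
    if tags is None:
        return ["missing: no valid DMARC record published"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append("p: policy is not enforcing (monitoring only)")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        findings.append("pct: policy applies to only part of the mail")
    # sp (subdomain policy) defaults to the value of p when absent.
    if policy in ("quarantine", "reject") and tags.get("sp", policy).lower() == "none":
        findings.append("sp: subdomains are left unprotected")
    if "rua" not in tags:
        findings.append("rua: no aggregate reports, spoofing attempts go unseen")
    return findings

SAMPLES = {  # constructed records, keyed by placeholder domain
    "enforced.example": "v=DMARC1; p=reject; rua=mailto:dmarc@enforced.example",
    "monitor.example": "v=DMARC1; p=none",
    "partial.example": "v=DMARC1; p=quarantine; sp=none; pct=25; rua=mailto:d@partial.example",
    "spf-only.example": "v=spf1 include:_spf.spf-only.example ~all",
}

if __name__ == "__main__":
    for domain, record in SAMPLES.items():
        result = audit_dmarc(record)
        print(domain, "OK" if not result else result)
```

DMARC only covers mail that claims to come from your exact domain; mail sent from a separately registered lookalike domain is outside its scope and has to be caught by other controls.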
