
Something New: The Dual Impersonation Business Email Compromise Scam

Brad Slavin CEO
Updated April 18, 2026


As far as phishing emails go, business email compromise (BEC) attacks are among the most sophisticated. In BEC, “typically an attack targets specific employee roles within an organization by sending a spoof email which fraudulently represents a senior colleague (CEO or similar) or a trusted customer.”

BEC attacks take time, planning and patience. After all, the attackers are attempting to impersonate a real person, so they have to be very convincing. Now word comes from ZDNet of a sophisticated new group of Russian hackers targeting big companies around the world with BEC phishing emails. Their clever new twist? They’re attempting to impersonate two people.

According to the article, “the initial emails detail a supposed acquisition of an Asian company, which the person receiving the email is told is both time-sensitive and secret, so shouldn’t be discussed with anyone else.” But here’s where things get clever.

“Following the initial email, the ‘CEO’ then CCs in a lawyer to help complete the financial transaction. The emails from law firms [are] almost entirely based on real practices in the UK. It’s after the ‘lawyer’ is involved that the attack finally attempts to coerce the victim into transferring the hundreds of thousands, sometimes millions, of dollars supposedly required for the acquisition that are directed to mule accounts in Hong Kong and then into the hands of the cyber criminals.”

If you’ve been paying attention, first the hackers impersonate someone reaching out to the CEO about a company acquisition, then they impersonate their lawyer reaching out to them to complete the deal. That’s quite a bit of impersonating and it doesn’t happen very often:

“It is very rare for a BEC group to use a dual impersonation scheme, which demonstrates the amount of additional effort [they’re] willing to put into their attacks to make them more realistic.”

It’s hard enough to defend yourself against a well-crafted BEC scam impersonating one person. How are you supposed to defend yourself against dual impersonation? The same way. With cloud-based real-time email security designed to sniff out ALL phishing emails.

It really doesn’t matter if it’s one spoofed email or a dozen, the same technology can be used to stop both. Technology like that available from Phish Protection.

Phish Protection protects against all the techniques required to make BEC successful. Techniques like domain name spoofing, display name spoofing and malicious attachments. Phish Protection also comes with real-time link click protection to stop the most sophisticated phishing attacks today: time-delayed phishing attacks.

If you’re worried about BEC or any other type of phishing attack, check out Phish Protection. It works with all major email providers, sets up in 10 minutes and costs just pennies per user per month. Try it free for 60 days.

Brad Slavin

CEO

Founder and CEO of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.
