Vendor Email Compromise Attacks – Where are Cybercriminals Heading to?
- October 9, 2019
- Hiba Sulaiman
According to researchers, a newly discovered cybercriminal gang called ‘Silent Starling’ is switching from business email compromise (BEC) scams to vendor email compromise attacks. They initially target vendors or suppliers by sending phishing emails and then mimic vendor invoices to their customers to steal money. Agari, a security firm has revealed in its new research about these hackers and labeled this new attack as ‘vendor email compromise’. These hackers target businesses based in the US, UK, Canada, and Western Europe.
Fake Invoices to Disrupt Supply Chain Process
Silent Starling is operating since 2018 and has targeted more than 500 businesses throughout the world. According to an estimate, it has compromised about 700 employees’ email accounts. Crane Hassold, the senior director of threat research at Agari, says this new trend of business email compromise attacks will grow because hackers have developed the ability to create original-looking invoices that can potentially cause disruption for vendors and suppliers.
More About Business Email Compromise (BEC) Attacks
With a more sophisticated approach to email scamming, this gang is using advanced tactics for stealing from organizations across the world. This approach consists of social engineering to trick firms into paying invoices for services. These email attacks are different from the standard Business Email Compromise (BEC) attacks because it does not use a fake request for a money transfer. It rather involves the supply chain with hackers only benefiting from it once they are convinced that the invoices are real and coming from legitimate services.
How do these Attacks work?
The BEC attacks involved gaining access to business email accounts and then using them for fraudulent wire transfers. In a BEC attack, hackers access the CEO’s email accounts and send messages to the payroll department to request wire to attacker-controlled accounts. This approach makes the attack difficult to detect and it only becomes obvious when a vendor asks why a payment wasn’t received.
So what happens is that an attacker typically sets up alerts for keywords related to finance, like invoice or payment, to gather the information they require to conduct business email compromise attacks. They also add-in normal language used by real senders and at times when they tend to be most active. They also gain access to all attachments in the email, allowing them to create fake invoices that look real – because they look exactly like the original ones. Hackers get this done by making copies of the template compromised which the vendor uses to issue payment receipts.
How to Place a Check on Invoices in the Future?
Besides investing in a good cybersecurity testing company, businesses can protect themselves from such attacks by placing a secondary check on all outgoing payments. They should also check that all protocols of the payments have been followed and all suspicious activities are observed, just like any messages being forwarded to unknown email addresses. In the meanwhile, security companies should come up with better solutions to mitigate these risks and avoid any fraudulent activities in the future.