A professional Russian cybercriminal gang has moved from tried and trusted banking trojans and click fraud malware techniques to business email compromise. For now, they are largely targeting senior executives at Fortune 500 or Global 2000 companies. Victims are estimated to have stolen millions of dollars from companies in 46 countries since mid-2019.

According to an investigation, an attack typically begins with the impersonation of a company’s CEO with an email sent out from his or her email address:
  • The target, a senior employee such as managing director or general manager receives the email and is asked to work with “external legal counsel” to co-ordinate payments required to close a fake corporate merger or acquisition.
  • The scammers ask the targeted employee to keep details of the transaction strictly confidential because of their “sensitive nature.”
  • Some of the emails even open with a reference to the current Covid-19 pandemic to build rapport with their intended victim and remove any concerns.
  • The emails are professional and don’t contain grammatical errors or misspelled words. Rather the emails are detailed and use vocabulary in keeping with the language used by a typical CEO.
The targeted employee is put in contact with a ‘lawyer’ to help facilitate the fake acquisition of the foreign company. However, the lawyer is a fraudster, impersonating a real lawyer. If the employee falls for it they are duped into moving funds into bank accounts.

The filter

While these attacks are aimed at high-level targets in the cybercriminal underground what starts at the top generally filters down to the lower levels as the techniques become known and their success is apparent.

Small businesses are already targets of these business email compromises.

The important thing is to remember that these attacks are real and small businesses are targets, even if many small business owners can’t imagine it.
  • Protect all computers against malware, which can and does steal personal information that can be used in business email compromise attacks. Having robust cybersecurity is essential.
  • Educate employees about these types of emails and ensure that emails requesting payments are confirmed in person.
  • One in five small firms says a cyber-attack has been committed against their business in the two years to January 2019. More than seven million individual attacks are reported over the same period, equating to 9,741 incidents a day.
  • An early 2020 BullGuard survey revealed that 18.5% of business owners have been victims of a hack in the past 12 months.