The most difficult attack for companies to deal with is the one that changes to suit the company it is attacking. There is no one set-up that fully deals with the technical problems, so a company has to be aware of the problem. This is the case with Big Bad Wolf fraud.
The attacker impersonates one of the following:
- The CEO
- A supplier/vendor
- An employee
The attacker may have sent an email through:
- a compromised work email account, so it is genuine
- a hacked personal email account
- a spoofed email domain similar to that of the organization
The attacker then engages in a conversation to arrange for either a change of bank account details for one of the suppliers or to make a bank transfer straight away.
There are a number of further disturbing features about this attack:
- attackers seem to have collected a lot of information on the company
- in many cases there is undetected malware involved
- attackers are aware of the CEO’s diary engagements
- in many cases the actual email account of the CEO/CFO is used.
These make the attack very difficult to detect. This advisory from the FBI and the Financial Services Information Sharing and Analysis Center gives a good level of detail: BEC_Joint_Product_Final
As can be seen, the attackers are combining hacked email accounts, malware, spoofing and social engineering to make the transaction happen. All employees need to be aware of this attack, and all companies need to put in place controls around payments to try to prevent it succeeding. Telephone confirmation of a request to change a supplier's payment details is one such control. More are outlined in the attached document.
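
The following is an added example, not taken from the advisory or from this post. It shows why a technical check alone is not enough: a lookalike-domain filter catches the spoofed sender, but a message from the genuine, compromised account passes it, so any payment request is held for telephone confirmation. The domains, keyword pattern and action names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values: the organisation's own domain and one supplier domain.
TRUSTED_DOMAINS = {"example.com", "supplier.example"}
# Assumed keyword pattern for requests that touch payments.
PAYMENT_RE = re.compile(
    r"bank (account|details)|payment details|bank transfer|wire transfer", re.I)

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_kind(domain):
    """Return 'trusted', 'lookalike' or 'external' for a sender domain."""
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    if any(edit_distance(domain, t) <= 2 for t in TRUSTED_DOMAINS):
        return "lookalike"
    return "external"

def triage(raw_message):
    """Decide what to do with one inbound message."""
    msg = message_from_string(raw_message)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    if sender_kind(domain) == "lookalike":
        return "quarantine"
    if PAYMENT_RE.search(text):
        # A compromised genuine account passes the domain check, so every
        # payment request is held until confirmed by telephone.
        return "hold-for-callback"
    return "deliver"

# Constructed sample messages, not real traffic.
SPOOFED = "From: CEO <ceo@examp1e.com>\nSubject: Urgent\n\nPlease make a bank transfer today."
GENUINE_ACCOUNT = "From: CEO <ceo@example.com>\nSubject: Supplier\n\nNew bank details for the supplier attached."
ROUTINE = "From: HR <hr@example.com>\nSubject: Lunch\n\nCanteen menu for next week."

if __name__ == "__main__":
    for sample in (SPOOFED, GENUINE_ACCOUNT, ROUTINE):
        print(triage(sample))
```

The callback should use a telephone number already held on file for the supplier or executive, not one given in the email being checked.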
