Avoiding Business Email Compromise (Spearphishing)

Posted December 17, 2021

Business Email Compromise (also known as CEO Fraud) is when a cybercriminal will email the employee of a business impersonating someone with authority to scam funds from the company or obtain confidential information.

In this blog we are going to solely focus on one specific aspect of Social Engineering which is Spear Phishing and Social Engineering.  As defined by Oxford Languages

Social Engineering: the use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.

Spear Phishing:  the fraudulent practice of sending emails ostensibly from a known or trusted sender to induce targeted individuals to reveal confidential information.

Spear Phishing Examples

Initially most of these attempts were done by requesting a large wire transfer to pay for goods or services.  Variants of this include updating mailing addresses or bank account information from a vendor for payment, getting a “late” or “unpaid” notice from a common vendor, or asking for a gift card purchase.  Examples would include emails “from”:

• The CFO asking for an emergency wire transfer to a new vendor.
• A vendor changing their bank account information before a large invoice is to be paid.
• The CEO asking for a large number of high value gift cards to be handed out to clients.

Email Address Spoofing

The most common method is spoofing an email address.  Let’s look at a couple of examples using:

• CEO: John Smith
• Company: Example Company
• Email: jsmith@examplecompany.com

Often the “name” in the email may be accurate, but if you look at the email address itself it is clearly not the email of the person.

John Smith johnsmith@compny.com (note the “a” is missing in .company)

Or the email may come from a gmail or yahoo account with a message “I’m emailing you from my personal email.”

John Smith johnsmith392@gmail.com

A newer technique is to use a replacement letter to make a visual review of the email address look legitimate:

John Smith johnsmith@exampIecompany.com You may not even see the difference, but that email address is using a capital “I” to replace the lower case “l”.

Identifying Spoofed Emails

Here are 4 methods which can be used to identify a spoofed email

1. Be on the lookout for anything UNUSUAL. Perhaps the signature is different, or the CEO called you by your full name and always use a nickname.  The request itself could be unusual.  Has the CFO ever asked you to wire funs to this company?
2. Be wary of pressing issues. If the vendor threatens to pull services if it is not done immediately or you’re being asked to drop everything to get it done, it’s worth questioning.
3. Look closely at the email. johnsmith@examplecompany.com is different from johnsmith@examplecompny.com
4. If you are suspicious:
   • Contact the person directly.
   • Do not reply to the email or call the number on the email.
   • If you have the person’s number, use it. If you do not, locate their website through a search or go directly there.  Again, do not click on a link in the email.

These attacks have proven to be effective when there has been a bit of research done on the company.  For example, if the cybercriminal knows a supplier or vendor, they can contact the employee as that vendor or reference them while impersonating the CFO.  However, these criminals cannot exactly duplicate the way the person typically engages or the type of request.

In addition to implementing preventative measures against these efforts, you need to safeguard your business with Cyber Insurance.  Please contact your Account Manager or contact us at 781.444.3050 to discuss.