
FBI warns of fake CEO attacks taking place via video conferencing systems

Graham CLULEY

February 21, 2022


The FBI has issued a warning that organisations should be on their guard against BEC (Business Email Compromise) attacks involving virtual meeting platforms.

Typically BEC scams work through the exploitation of compromised business email accounts, using a variety of techniques to trick unsuspecting workers into transferring funds into a bank account under the control of the scammer.  Often this might involve the creation of convincing invoices for genuine work that is taking place, or a bogus instruction from a "boss" to move money into an overseas bank account.

In its alert, the FBI's Internet Crime Complaint Center (IC3) warns that it has received an increasing number of reports that BEC scammers are using virtual meeting platforms (such as video conferencing systems) to instruct workers to transfer funds to fraudulent accounts.

According to the warning, the use of virtual meeting platforms by criminals has increased since 2019, driven by the rise in remote work during the COVID-19 pandemic.

The FBI's IC3 draws attention to three methods through which BEC scams can be conducted via virtual meeting platforms:

  • A senior employee, such as a CEO or CFO, might have their email account hacked.  A request is sent to a worker to participate in a virtual meeting platform where the scammer will claim that their video/audio is not working properly.  A still picture of the CEO may be displayed on the virtual platform with no audio, or - in some instances - with deepfake audio.  Employees are then instructed to initiate fund transfers via the chat functionality of the virtual meeting platform or a subsequent email.
  • Compromising employee emails to insert themselves in workplace meetings via virtual meeting platforms to collect information on a business's day-to-day operations.
  • Sending spoofed emails to employees from the compromised email account of the CEO (or another senior employee) instructing them to initiate fund transfers, as the CEO claims to be occupied in an online meeting and is thus unable to start the transfer of funds from their own PC.

The FBI advises companies and individuals to be on their guard against the use of virtual meeting platforms that are not normally used inside your particular office setting.  In addition, multi-factor authentication should be used to protect accounts better.

Furthermore, the FBI offers advice on checking that links do not contain misspellings of a company's domain name, and that they really do come from the business or individual they claim to be from.
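The link check described above can be partly automated at the mail gateway or in a reporting tool. The following is an added example, not code from the FBI alert or from this article's author; the trusted domains, the confusable-character table and the sample message are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: the organisation's genuine domains (constructed placeholders).
TRUSTED = {"example.com", "example.org"}
# Small illustrative set of digit-for-letter swaps; not exhaustive.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    """Last two labels only; real use needs the Public Suffix List (e.g. for .co.uk)."""
    return ".".join(host.split(".")[-2:])

def classify(url, trusted=TRUSTED, max_distance=2):
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:
        return "unparseable"
    domain = registrable(host)
    if domain in trusted:
        return "trusted"
    if domain.translate(CONFUSABLES) in trusted:
        return "lookalike"  # digit swapped for a letter, e.g. 1 for l
    if any(edit_distance(domain, t) <= max_distance for t in trusted):
        return "lookalike"  # dropped, added or transposed characters
    if any(t in host for t in trusted):
        return "lookalike"  # real name used as a prefix of another domain
    return "unknown"  # punycode (xn--) hosts are not decoded here

def scan(body):
    """Return {url: verdict} for every http(s) link found in a message body."""
    return {url: classify(url) for url in URL_RE.findall(body)}

# Constructed sample message, not taken from the FBI alert.
SAMPLE = """Join the call: https://video.test/j/123
Invoice: https://examp1e.com/pay and https://exmaple.com/inv
Portal: https://example.com.secure-pay.test/login
Intranet: https://mail.example.com/wiki"""
```

An "unknown" verdict only means the domain does not resemble a trusted one; it ties in with the FBI's separate advice to be wary of meeting platforms the office does not normally use.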

In addition, the advisory reminds users to refrain from sending login credentials or personal information of any sort via email, and to be wary of emails that request personal information.

Perhaps the best advice of all, however, is for businesses to have a formal method for initiating fund transfers that allows staff to double-check their veracity.  Such processes should be explained throughout the company, and it should be made clear that no-one - not even the CEO of the business who might (or might not) be busy on a video call - can shortcut them.

Last year, the FBI declared that BEC had caused losses of over $1.8 billion in 2020 - a figure 64 times higher than the amount estimated to have been paid out to ransomware gangs.
