
FBI warns of fake CEO attacks taking place via video conferencing systems

Graham CLULEY

February 21, 2022


The FBI has issued a warning that organisations should be on their guard against BEC (Business Email Compromise) attacks involving virtual meeting platforms.

Typically BEC scams work through the exploitation of compromised business email accounts, using a variety of techniques to trick unsuspecting workers into transferring funds into a bank account under the control of the scammer.  Often this might involve the creation of convincing invoices for genuine work that is taking place, or a bogus instruction from a "boss" to move money into an overseas bank account.

In its alert, the FBI's Internet Crime Complaint Center (IC3) warns that it has received an increasing number of reports that BEC scammers are using virtual meeting platforms (such as video conferencing systems) to instruct workers to transfer funds to fraudulent accounts.

According to the warning, the use of virtual meeting platforms by criminals has increased since 2019, driven by the rise in remote work during the COVID-19 pandemic.

The FBI's IC3 draws attention to three methods through which BEC scams can be conducted via virtual meeting platforms:

  • A senior employee, such as a CEO or CFO, might have their email account hacked.  A request is sent to a worker to participate in a virtual meeting platform where the scammer will claim that their video/audio is not working properly.  A still picture of the CEO may be displayed on the virtual platform with no audio, or - in some instances - with deepfake audio.  Employees are then instructed to initiate fund transfers via the chat functionality of the virtual meeting platform or a subsequent email.
  • Compromising employee emails to insert themselves in workplace meetings via virtual meeting platforms to collect information on a business's day-to-day operations.
  • Sending spoofed emails to employees from the compromised email account of the CEO (or another senior employee) instructing them to initiate fund transfers, as the CEO claims to be occupied in an online meeting and is thus unable to start the transfer of funds from their own PC.

The FBI advises companies and individuals to be on their guard against the use of virtual meeting platforms that are not normally used inside their particular office setting.  In addition, multi-factor authentication should be used to better protect accounts.

Furthermore, the FBI advises checking that links do not contain misspellings of a company's domain name, and that they really do come from the business or individual they claim to be from.
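The link check described above can be partly automated. The following is an added example, not part of the FBI advisory or the original article: it flags URL hosts that are near-misspellings of a trusted domain. The domain `example-corp.com`, the distance threshold and the "last two labels" simplification are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the organisation's genuine domains (constructed for illustration).
TRUSTED = {"example-corp.com"}

# Common visual substitutions seen in lookalike domains (not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "exmaple" for "example".
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(url: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike' or 'unrelated' for the URL's host."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    for good in TRUSTED:
        if host == good or host.endswith("." + good):
            return "trusted"
    # Simplification: treat the last two labels as the registrable domain
    # (a production check would consult the Public Suffix List).
    tail = ".".join(host.split(".")[-2:])
    folded = tail.translate(CONFUSABLES)
    for good in TRUSTED:
        if folded == good.translate(CONFUSABLES):
            return "lookalike"  # digit-for-letter swap
        if osa_distance(tail, good) <= max_distance:
            return "lookalike"  # typo-distance match
        if good in host:
            return "lookalike"  # trusted name used as a subdomain elsewhere
    return "unrelated"
```

A `lookalike` verdict is a prompt for manual verification of the sender, not proof of fraud; short domains will need a tighter threshold to avoid false positives.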

In addition, the advisory reminds users to refrain from sending login credentials or personal information of any sort via email, and to be wary of emails that request personal information.

Perhaps the best advice of all, however, is for businesses to have a formal method for initiating fund transfers that allows staff to double-check their veracity.  Such processes should be explained throughout the company, and it should be made clear that no-one - not even the CEO of the business who might (or might not) be busy on a video call - can shortcut them.

Last year, the FBI declared that BEC had caused losses of over $1.8 billion in 2020 - a figure 64 times higher than the amount estimated to have been paid out to ransomware gangs.
