The number of BEC attacks through SMS is growing Experts warn
Businesses Email Compromise (BEC) attacks that involve threat actors who take on the identity of executives of businesses via emails and attempt to fool employees into making wire transfers or similar to it is becoming mobile security experts have been warned.
A report(opens in a new tab) by Trustwave discovered that the number of BEC attacks that use using the Short Message Service (SMS) instead of email is ever increasing.
The method is similar in that the attacker would call the victim, identify them as a executive of the company, and then provide the old report. The same message would be sent they’d also ask the person to make an electronic wire transfer, alter the account of a payroll company or ask them to transfer funds to the company in some alternative way.
More powerful than email
There are many advantages when making use of SMS to fight BEC attacks over emails according to the research. The most obvious benefit can be that you have less elements that could cause the victim to be suspicious. Even though every email has the address of the sender which is often the first method to test for scams, an SMS is only a phone number. In the majority of cases, employees do not have their boss’ numbers, and may not be able to verify the messages.
Additionally, attackers are able to turn down a phone call by stating that they’re at an event or are otherwise not able to respond to the phone. Additionally, SMS communications are more efficient than email, which allows attackers to get their task done much faster and more efficiently. Trustwave in addition highlighting an Federal Communications Commission (FCC) report that claims that text messages that are not requested doubled by 2022 when as compared to the year 2019.
Making wire transfers is something that can raise suspicion which is the reason why fraudsters typically ask victims to buy an online gift card instead. They’ll promise that the purchase will be refunded. The majority of times they would then ask their victims to purchase vouchers from Target, Google Play, Apple, eBay, or Walmart.
To guard the company from BEC attacks, companies should inform their employees about security(opens in a new tab) awareness, and make them verify the identities of all employees when they send SMS texts, Trustwave said.
In addition, they should create the awareness of their employees that private information can be retrieved from social media accounts and used for attacks. Finally, they must insist on the use of multi-factor authentication (MFA) whenever possible in order to make it difficult for criminals to gain access access to sensitive systems.
