FBI sees increase in use of virtual meeting platforms for BEC scams
The US Federal Bureau of Investigation said today that it had seen an increase in the use of virtual meeting platforms as a way to trick organizations into sending payments to the wrong accounts as part of a type of attack known as BEC scams.
As their name suggests, business email compromise (BEC) scams typically take place via email.
Hackers compromise an executive's email address and use it to instruct employees or external business partners to send urgent or future payments to a new bank account owned by the scammers or their money mules.
The technique, while simple, is extremely hard to detect and has been responsible for the bulk of cybercrime-related losses in the US for the past five years, with $1.8 billion in lost funds in 2020 alone.
But in a security alert published today, the FBI said that the recent shift to online working caused by the ongoing COVID-19 pandemic has also had an impact on how some recent BEC attacks are taking place.
The Bureau said that between 2019 and 2021 it received an increasing number of reports in which BEC groups used virtual meeting platforms as part of their attacks.
While the agency did not release any concrete numbers, it did share three scenarios in which BEC scammers have used virtual meeting tools as part of their attacks:
- Compromising an employer or financial director's email, such as a CEO or CFO, and requesting employees to participate in a virtual meeting platform where the criminal will insert a still picture of the CEO with no audio, or "deep fake" audio [PDF], and claim their video/audio is not properly working. They then proceed to instruct employees to initiate transfers of funds via the virtual meeting platform chat or in a follow-up email.
- Compromising employee emails to insert themselves in workplace meetings via virtual meeting platforms to collect information on a business's day-to-day operations.
- Compromising an employer's email, such as the CEO, and sending spoofed emails to employees instructing them to initiate transfers of funds, as the CEO claims to be occupied in a virtual meeting and unable to initiate a transfer of funds via their own computer.
The FBI's warning today comes as many employees are pushing their employers into allowing remote work beyond the COVID-19 pandemic, which would mean that virtual meeting platforms will most likely remain a mainstay in many corporate work environments.
In the hope of helping companies understand the risks of BEC scams carried out over this new communications medium, the FBI today shared a series of recommendations and security settings that corporate system administrators will most likely want to implement:
- Confirm the use of outside virtual meeting platforms not normally utilized in your internal office setting.
- Use secondary channels or two-factor authentication to verify requests for changes in account information.
- Ensure the URL in emails is associated with the business/individual it claims to be from.
- Be alert to hyperlinks that may contain misspellings of the actual domain name.
- Refrain from supplying login credentials or PII of any sort via email. Be aware that many emails requesting your personal information may appear to be legitimate.
- Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender's address appears to match who it is coming from.
- Ensure the settings in employees' computers are enabled to allow full email extensions to be viewed.
- Monitor your personal financial accounts on a regular basis for irregularities, such as missing deposits.
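Two of those recommendations, checking that a sender's address matches who it claims to be from and watching for hyperlinks whose domain is a misspelling of the real one, can be turned into an automated check. The Python script below is an added example, not code from the article or the FBI alert: it compares the sender's domain and every link host in a message against the organisation's own domains using edit distance; the trusted domain, the sample message and the two-edit threshold are constructed for illustration.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed: the organisation's own domain (hypothetical name).
TRUSTED_DOMAINS = {"example-corp.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample message mirroring the third FBI scenario above.
SAMPLE = """From: "Pat Smith" <pat.smith@examp1e-corp.com>
Content-Type: text/plain

I am stuck in a video meeting and cannot use my laptop. Please release the
transfer at https://payments.example-c0rp.com/approve and confirm by reply.
"""

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    """Last two labels of a host name (simplification: ignores multi-part TLDs)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def is_lookalike(domain, trusted=TRUSTED_DOMAINS):
    """True when a domain is untrusted but within two edits of a trusted one."""
    d = registrable(domain)
    return d not in trusted and any(edit_distance(d, t) <= 2 for t in trusted)

def check_message(raw):
    """Flag a lookalike sender domain and lookalike link hosts in one message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    _name, addr = parseaddr(msg.get("From", ""))
    if is_lookalike(addr.rpartition("@")[2]):
        findings.append(f"sender domain resembles a trusted domain: {addr}")
    body = msg.get_body(preferencelist=("plain", "html"))
    for url in URL_RE.findall(body.get_content() if body else ""):
        host = urlparse(url).hostname or ""
        if is_lookalike(host):
            findings.append(f"link host resembles a trusted domain: {host}")
    return findings
```

Run against SAMPLE, `check_message` returns two findings: one for the sender address and one for the payment link. The two-edit threshold catches single-character swaps like 1 for l or 0 for o but not every homoglyph, so treat it as one signal alongside the out-of-band verification the FBI recommends.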
Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.