Increased risk alert for Business Email Compromise (BEC) attacks during the festive period, by FBI and CISA.
As the holiday shopping season approaches, businesses and individuals are being warned of an increased threat from cybercriminal activities, particularly payment fraud. According to the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), threat activity involving fraudulent third parties is expected to accelerate during this period.
Jerry Keely, a cybersecurity advisor in CISA's Region 9, has emphasised that the customers of businesses are not immune to these threats. Officials urge businesses and individuals who are targeted to promptly report incidents to the FBI’s Internet Crime Complaint Center (IC3).
One of the most common methods of payment fraud is business email compromise attacks. During the holiday season, authorities say there is a heightened threat of these attacks. Mary Gleason, supervisory special agent at the FBI field office in Phoenix, advises businesses to be very leery of any changes in payment information for their vendors.
To protect themselves against fraudulent payment redirection, businesses are recommended to verify payment instructions independently. This means confirming requests through a known contact method rather than relying solely on email communications. Fraudsters often impersonate trusted individuals or vendors to redirect payments.
Businesses should also be wary of phishing and domain spoofing attacks. Attackers use sophisticated tactics to gain victims' trust and redirect payments to fraudulent accounts. Vigilance about suspicious emails or websites that imitate legitimate brands or vendors is crucial.
Reporting suspicious incidents promptly is also crucial. If a business encounters a suspicious message or fraudulent payment attempt, it should report it immediately to IC3. This helps law enforcement track emerging threats and coordinate responses.
Implementing strong authentication controls is another key practice. Robust authentication for payment systems and vendor portals can reduce the risk of unauthorized changes. Federal initiatives encourage more data collection and information sharing among financial institutions and businesses to detect and prevent payment fraud more effectively.
A local municipality in Arizona was targeted for $5 million in a cyber attack, but after reporting the incident to the FBI and IC3.gov, asset recovery was triggered and nearly all of the funds were returned. This underscores the importance of prompt reporting in combating payment fraud.
In conclusion, vigilance, verification, and timely reporting remain the best defenses against payment redirection fraud during the holiday season. By adopting these key practices, businesses can protect themselves and their customers from potential cyber threats.
Businesses should verify payment instructions independently to prevent fraudulent payment redirection, as attackers often impersonate trusted individuals or vendors to redirect payments. Prompt reporting of suspicious incidents to the FBI’s Internet Crime Complaint Center (IC3) is crucial in combating payment fraud, as demonstrated by the successful asset recovery of a local municipality in Arizona.
%20attacks%20during%20the%20festive%20period%2C%20by%20FBI%20and%20CISA.){kind=link}