Cyber Crime

BEC scams, hacked accounts available from $150 up to $5,000

Security experts from Digital Shadows have conducted an interesting study about the technique adopted by crooks to infiltrate company emails, so-called BEC scam.

According to the FBI, the number of business email account (BEC) and email account compromise (EAC) scam incidents worldwide reached 78,000 between October 2013 and May 2018.

Business email compromise (BEC) and email account compromise (EAC) scam losses worldwide increased by 136% from December 2016 to May 2018, in the same period overall BEC/EAC losses result in $12 billion.

Experts from Digital Shadows highlighted the availability of huge archive online that could be used by crooks to target the companies. It is quite easy to find online AWS buckets containing backups of email archives, the same data could be found on publicly-accessible rsync, FTP, SMB, and NAS drives.

The experts estimated that some 12.5 million archive files (.eml, .msg, .pst, .ost, .mbox) containing sensitive and financial information have been exposed online.

“Digital Shadows detected 33,568 email addresses of finance departments exposed through third party compromises. Eighty-three percent (27,992) of these emails had passwordsassociated with them. If these passwords have been reused for corporate accounts, this may leave organizations at risk to account takeovers.” reads the report published by Digital Shadows.

Experts found over 50,000 email files that contained terms such as “invoice”, “payment”, or “purchase order” terms in misconfigured or unauthenticated file stores.

In some cases, the compromised email archives included also passport scans. According to the report, crooks use to search for company emails that contained “ap@”, “ar@”, “accounting@”, “accountreceivable@”, “accountpayable@”, and “invoice@”.

Company credentials are a valuable commodity in the cybercrime underground, they are offered up to $5,000 for a single username and password pair.

The growing interest of cybercriminals in BEC scams has driven the growth of BEC-as-a-Service,  this kind of services is widely available for as little as $150.

“It’s possible to outsource this work to online actors, who will acquire company credentials for a set fee or percentage of earnings. The price will vary depending on the type of mail service, but services are available from as little as $150.” continues the report.

Experts warn that BEC attacks are a global problem, email archives are exposed predominantly across the European Union (5.2 million), North America (2.9 million), and Asia-Pacific (2 million).

In order to reduce the risk, Digital Shadows experts recommend the following measures to organizations:

  • Update security awareness training content to include the Business Email Compromise (BEC) scenario
  • Include BEC within incident response/business continuity planning
  • Work with wire transfer application vendors to build in manual controls, as well as multiple person authorizations to approve significant wire transfers
  • Continuously monitor for exposed credentials. This is particularly important for finance department emails
  • Conduct ongoing assessments of executives’ digital footprints – threat actors will perform their reconnaissance on high-value targets. Start with using Google Alerts to track new web content related to them
  • Prevent email archives being publicly exposed
  • Businesses should be aware of the risks of their contractors who back up their emails on Network Attached Storage (NAS) devices. Users should add a password and disable guest/anonymous access, as well as opt for NAS devices that are secured by default.

Below the key findings of the report:

  • Corporate email accounts can be compromised for as little as $150
  • A look inside the planning of a targeted Business Email Compromise campaign
  • More than 33,000 accounting email credentials are exposed
  • 12.5 million email archive files are exposed across online file stores
  • The risks of BEC can be mitigated with a range of security measures
[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – cybercrime, fraud)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cisco warns of password-spraying attacks targeting Secure Firewall devices

Cisco warns customers of password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services…

2 hours ago

American fast-fashion firm Hot Topic hit by credential stuffing attacks

Hot Topic suffered credential stuffing attacks that exposed customers' personal information and partial payment data.…

6 hours ago

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

20 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

1 day ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

2 days ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

2 days ago

This website uses cookies.