The healthcare and public health (HPH) sector has become a prime target for cybercriminals, as evidenced by the recent warning issued by the Department of Health and Human Services (HHS) Health Sector Cybersecurity Coordination Center (HC3). This alert shows the growing threat of business email compromise (BEC) attacks. These attacks are a type of sophisticated social engineering scam that targets individuals within an organization, often exploiting their trust and authority to gain access to sensitive information or facilitate fraudulent financial transactions. Unlike traditional phishing campaigns that rely on mass-distributed emails with malicious links or attachments, BEC attacks are meticulously planned and executed, tailoring their approach to specific individuals or organizations.
The hallmark of a BEC attack is the impersonation of a trusted figure, such as a CEO, executive, or legal representative, to lend credibility to the request. Cybercriminals use publicly available information and carefully crafted emails to build a convincing narrative, often pressuring the victim to act swiftly to avoid perceived consequences.
The anatomy of a BEC attack
BEC attacks typically follow a well-defined sequence of events, each step designed to increase the likelihood of success:
- Reconnaissance: Cybercriminals conduct extensive research on the target organization, its leadership, and its internal processes. They gather information from a variety of public sources, including social media, company websites, and news articles, to understand the organization's structure, communication patterns, and potential vulnerabilities.
- Credential theft: Using the gathered intelligence, the attackers may attempt to steal legitimate email credentials through phishing or other means, granting them access to the organization's internal communication channels.
- Impersonation: With access to a compromised email account, cybercriminals can now impersonate a trusted figure within the organization, such as a C-suite executive or a legal representative. They craft convincing emails that align with the target's communication style and internal protocols.
- Social engineering: The attackers use their impersonation and sense of authority to pressure the victim into taking the desired action, such as disclosing sensitive information or initiating a fraudulent wire transfer.
- Financial fraud: If the attack is successful in manipulating the victim into making a fraudulent wire transfer, the stolen funds are quickly moved to other accounts and withdrawn, making it challenging to recover the lost assets.
The impact of BEC attacks
The consequences of a successful BEC attack can be far-reaching and devastating for healthcare organizations. The Federal Bureau of Investigation's (FBI) Internet Crime Complaint Center (IC3) has reported a staggering number of BEC incidents, with over 277,918 cases reported between October 2013 and December 2022, resulting in more than $50 billion in losses.
The financial impact of these attacks can be severe, with healthcare organizations losing millions of dollars in fraudulent wire transfers. Beyond the monetary losses, BEC attacks can also lead to reputational damage, erosion of trust, and compliance issues, further compounding the challenges faced by the healthcare sector.
Strategies to mitigate BEC risks
A multi-layered approach is necessary to safeguard the healthcare sector from the growing threat of BEC attacks. Here are some strategies healthcare organizations can implement:
Enhance email security measures
Implementing email security solutions with advanced capabilities, such as AI-powered anomaly detection and machine learning-based threat identification, can help detect and block suspicious BEC attempts. Additionally, adopting the email authentication protocols SPF, DKIM, and DMARC can mitigate the risk of attackers spoofing the organization's own domain.
Strengthen access controls
Implementing multi-factor authentication (MFA) on all email accounts and other critical systems helps prevent unauthorized access, even when credentials have been compromised.
Educate and empower employees
Regularly training and educating employees on the risks of BEC attacks, social engineering tactics, and proper reporting procedures can enhance the organization's resilience. Conducting simulated phishing and BEC exercises can help reinforce training and identify areas for targeted improvement.
Establish incident response protocols
Developing and regularly testing incident response plans for BEC attacks can ensure that organizations are prepared to act swiftly and effectively in the event of a breach. This includes establishing clear communication channels, identifying the responsible stakeholders, and coordinating with law enforcement and financial institutions to mitigate the impact of fraudulent wire transfers.
Foster cross-sector collaboration
Engaging with industry peers, government agencies, and cybersecurity organizations can help healthcare organizations stay informed about the latest BEC trends, share best practices, and collaborate on collective defense strategies.
The effect of BEC attacks on email safety
BEC attacks erode trust in email communications by exploiting the very medium that organizations rely on for legitimate correspondence. BEC attacks often involve email spoofing and convincing impersonations, making it challenging for recipients to distinguish between legitimate and malicious messages.
BEC attacks compromise the security of individual email accounts and diminish the overall trustworthiness of email communication platforms. To safeguard email in the face of BEC threats, organizations need to employ email authentication, layered security measures, and HIPAA-compliant email services.
Our suggestion: Paubox ExecProtect
This is a specialized email security solution designed to address targeted phishing attacks, often known as spear-phishing. Paubox ExecProtect protects executive-level email accounts, which are common targets for hackers due to their high-level access and authority. The system uses advanced algorithms and filters to detect and block phishing attempts, including those that use domain name spoofing, where attackers mimic a legitimate domain to trick recipients.
In the news
Malachi Mullings, a 31-year-old from Sandy Springs, Georgia, has been sentenced to 10 years in prison for his role in a digital fraud network involving business email compromise (BEC) attacks, romance scams, and healthcare benefits fraud. Mullings scammed over $4.5 million and laundered the money through 20 bank accounts under the shell company, The Mullings Group LLC.
Using various fraud techniques, Mullings targeted elderly individuals in healthcare programs, private companies, and romance scam victims. He laundered $310,000 from a state Medicaid program and obtained $260,000 from a romance scam, which he used to buy a Ferrari. Mullings pleaded guilty in January 2023 to conspiracy and multiple money laundering charges.
FAQs
What is a BEC attack and why is it particularly dangerous for healthcare organizations?
A BEC attack is when cybercriminals gain control of a business email account to trick others into sending sensitive information or money. It's especially dangerous for healthcare because it can expose protected health information (PHI), disrupt operations, and cause financial losses.
What are the common tactics used by cybercriminals in BEC attacks targeting healthcare organizations?
Cybercriminals use tactics like phishing emails, spoofed email addresses, and social engineering. They often target executives, finance departments, and administrators, posing as trusted contacts to deceive them into sharing information or making unauthorized transactions.
How can healthcare organizations identify potential BEC attacks?
Healthcare organizations can spot BEC attacks by looking for unexpected requests for sensitive information or money, slight variations in email addresses, and urgent or pressuring messages. Using advanced email security tools and training employees to recognize suspicious emails are also essential.
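An added example (not from the article or from Paubox) showing how the indicators just listed, a lookalike sender domain, a trusted executive's display name on an outside address, a mismatched Reply-To header, and urgency language, can be checked automatically. The organization domain, the executive directory and the two sample messages are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example-health.org"  # constructed: the defended organization's domain
# constructed directory of executives who are frequently impersonated in BEC
EXECUTIVES = {"jane doe": "jane.doe@example-health.org"}
URGENCY = re.compile(r"\b(urgent|immediately|wire|right away|confidential)\b", re.I)


def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def bec_indicators(raw_message):
    """Return the list of BEC warning signs found in one RFC 822 message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    flags = []
    # sender domain is not ours but is only a character or two away from it
    if domain != ORG_DOMAIN and edit_distance(domain, ORG_DOMAIN) <= 2:
        flags.append("lookalike-domain")
    # display name of a known executive, but the address is not that executive's
    known = EXECUTIVES.get(name.strip().lower())
    if known and addr.lower() != known:
        flags.append("display-name-impersonation")
    # replies silently redirected to a different domain than the visible sender
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    if reply_to and reply_to.rsplit("@", 1)[-1] != domain:
        flags.append("reply-to-mismatch")
    body = msg.get_payload() if not msg.is_multipart() else ""
    if URGENCY.search(msg.get("Subject", "") + " " + body):
        flags.append("urgency-language")
    return flags


# constructed sample messages: one impersonation attempt, one legitimate note
SUSPICIOUS = (
    "From: Jane Doe <jane.doe@example-hea1th.org>\n"
    "Reply-To: ceo.office@webmail.example\n"
    "Subject: Urgent wire request\n\n"
    "Please process the wire immediately and keep this confidential.\n"
)
LEGIT = (
    "From: Jane Doe <jane.doe@example-health.org>\n"
    "Subject: Board meeting agenda\n\n"
    "Attached is the agenda for Thursday.\n"
)
```

Running `bec_indicators(SUSPICIOUS)` yields all four flags while the legitimate message yields none; in practice the flagged messages would be quarantined or routed for out-of-band verification with the apparent sender.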
What steps should a healthcare organization take if it falls victim to a BEC attack?
Steps to take include:
- Immediate Containment: Disconnect the compromised account.
- Notification: Inform affected parties and stakeholders.
- Investigation: Determine the breach's extent and identify compromised data.
- Recovery: Secure the network, restore systems, and strengthen security.
- Reporting: Report to authorities and comply with legal requirements.