Email account compromise (EAC) is a highly sophisticated attack in which attackers use tactics like password spraying, phishing, and malware to compromise victims’ email accounts, gaining access to legitimate mailboxes.
Understanding email account compromise
Email account compromise involves attackers gaining unauthorized access to a legitimate email account. They employ various tactics, including brute force attacks, phishing, and malware, to obtain the account credentials. Once inside, the attackers can access valuable information, such as emails, calendars, contact lists, and files in shared folders. This trove of data allows them to profile their victims and carry out sophisticated attacks.
The primary objective of EAC is for the attacker to impersonate the victim and manipulate their email communications. By mimicking the victim's writing style, tone, and timing, the attacker can send convincing messages to deceive recipients. These messages often involve fraudulent wire transfers, payment requests, or attempts to extract sensitive information.
Common techniques used in email account compromise
Brute force attacks
One prevalent method used by attackers is the brute force attack. This technique employs automated tools to repeatedly guess usernames and passwords until the attacker gains access to the targeted email account.
Phishing
Phishing is another commonly employed tactic in EAC. Attackers send emails that appear legitimate, often mimicking trusted entities or individuals, to trick recipients into divulging their login credentials. These emails may contain links to fake websites designed to steal sensitive information.
Malware
Malware, such as keyloggers or stealers, can be used to gain unauthorized access to email accounts. These malicious programs can record keystrokes or capture login credentials, allowing attackers to discreetly monitor the victim's email communications.
Types of email account compromise schemes
Email account compromise schemes can take various forms, each with the potential to cause significant financial and reputational damage. Let's look at two common types of EAC attacks:
Supply chain hijacking
In this scenario, the attacker compromises an employee's email account, often from the accounting department. Once inside, the attacker creates a forwarding rule to collect copies of all incoming and outgoing messages. They closely monitor the compromised account to gather information about billing, customer interactions, and other relevant details.
Armed with this knowledge, the attacker crafts invoices that appear legitimate, complete with proper terminology and logos. These fraudulent invoices are then sent to unsuspecting customers, who unknowingly make payments to the attacker's bank account instead of the intended recipient. This type of attack results in financial losses for the targeted company and damages customer satisfaction and trust.
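The forwarding rule described above is something a defender can look for directly. The following is an added example, not code from the original article: it scans mailbox-rule audit events for rules that send copies of mail outside the organization. The JSON-lines schema, field names, and addresses are constructed for illustration; real mail platforms use their own audit formats.

```python
import json

# Constructed sample: mailbox-rule audit events in a simplified, hypothetical
# JSON-lines schema (real mail platforms use their own field names).
SAMPLE_RULE_EVENTS = """\
{"time": "2024-05-06T09:12:00Z", "mailbox": "ap@example.com", "rule": "Archive newsletters", "action": "move", "target": "Newsletters"}
{"time": "2024-05-06T23:41:00Z", "mailbox": "ap@example.com", "rule": ".", "action": "forward", "target": "collector@mail.example.net"}
{"time": "2024-05-07T10:03:00Z", "mailbox": "hr@example.com", "rule": "To assistant", "action": "redirect", "target": "assistant@example.com"}
{"time": "2024-05-07T11:20:00Z", "mailbox": "cfo@example.com", "rule": "cc", "action": "forward_as_attachment", "target": "Backup <cfo.backup@EXAMPLE.ORG>"}
"""

FORWARDING_ACTIONS = {"forward", "redirect", "forward_as_attachment"}


def domain_of(address):
    """Return the lower-cased domain of an address, tolerating 'Name <addr>' form."""
    addr = address.strip()
    if "<" in addr and addr.endswith(">"):
        addr = addr[addr.rindex("<") + 1:-1]
    return addr.rpartition("@")[2].lower()


def is_internal(domain, internal_domains):
    """True if domain equals, or is a subdomain of, an organization-owned domain."""
    return any(domain == d or domain.endswith("." + d) for d in internal_domains)


def find_external_forwarding(jsonl, internal_domains):
    """Return (mailbox, rule, target domain) for rules that forward mail externally."""
    findings = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        if event.get("action") not in FORWARDING_ACTIONS:
            continue
        target_domain = domain_of(event.get("target", ""))
        if not is_internal(target_domain, internal_domains):
            findings.append((event["mailbox"], event["rule"], target_domain))
    return findings


if __name__ == "__main__":
    for mailbox, rule, dom in find_external_forwarding(SAMPLE_RULE_EVENTS, {"example.com"}):
        print(f"REVIEW {mailbox}: rule {rule!r} forwards to external domain {dom}")
```

The suffix check requires a leading dot, so a look-alike such as notexample.com is not treated as internal, and a rule with a missing target is flagged rather than skipped.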
Payroll redirection
In a payroll redirection scheme, the attacker gains access to an employee's email account and sends a request to the human resources department. The email requests an update to the victimized employee's direct deposit information, replacing the legitimate bank account with the attacker's account details. As a result, the victim's salary is redirected to the attacker's bank account, bypassing the intended recipient. This attack can cause personal financial harm to employees and disrupt payroll operations within organizations.
Protecting against EAC attacks
Implementing a single technical control or relying solely on security awareness training is insufficient to effectively protect against EAC attacks. Here are some measures organizations can take to defend against these attacks:
Strong authentication and password practices
Encourage employees to use strong, unique passwords for their email accounts and implement multi-factor authentication to add an extra layer of security.
Email filtering and anti-spam measures
Deploy email filtering solutions to detect and block phishing emails and malicious attachments, reducing the likelihood of successful EAC attacks.
Employee education and security awareness
Regularly train employees on recognizing phishing attempts, suspicious emails, and other social engineering techniques. Teach them to verify email addresses and exercise caution when clicking on links or providing sensitive information.
Monitoring and detection
Implement systems and protocols to monitor email traffic, detect anomalous activities, and identify signs of compromised accounts or unauthorized access.
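As an added example (not part of the original article), the sketch below shows one form this monitoring can take: it reads sign-in events and separates the password spraying and brute force patterns mentioned earlier, then lists accounts that logged in successfully from a flagged source. The log layout, thresholds, and addresses are constructed assumptions, and the whole sample is treated as a single time window.

```python
import csv
import io
from collections import defaultdict

# Constructed sample sign-in log (time,user,source_ip,result); the column layout
# is hypothetical and the IP addresses come from documentation ranges.
SAMPLE_SIGNINS = """\
2024-05-06T08:00:01Z,alice@example.com,203.0.113.7,FAIL
2024-05-06T08:00:03Z,bob@example.com,203.0.113.7,FAIL
2024-05-06T08:00:05Z,carol@example.com,203.0.113.7,FAIL
2024-05-06T08:00:07Z,dave@example.com,203.0.113.7,SUCCESS
2024-05-06T08:05:00Z,erin@example.com,198.51.100.20,FAIL
2024-05-06T08:05:02Z,erin@example.com,198.51.100.20,FAIL
2024-05-06T08:05:04Z,erin@example.com,198.51.100.20,FAIL
2024-05-06T08:05:06Z,erin@example.com,198.51.100.20,FAIL
2024-05-06T09:00:00Z,frank@example.com,192.0.2.44,FAIL
2024-05-06T09:00:30Z,frank@example.com,192.0.2.44,SUCCESS
"""


def analyze_signins(log_text, spray_users=3, brute_failures=4):
    """Flag source IPs by failed-login pattern and list accounts to review."""
    failures = defaultdict(lambda: defaultdict(int))  # ip -> user -> fail count
    successes = defaultdict(set)                      # ip -> users with a success
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        _time, user, ip, result = row
        if result == "FAIL":
            failures[ip][user] += 1
        elif result == "SUCCESS":
            successes[ip].add(user)

    # Spraying: one source fails against many distinct accounts.
    spray = {ip for ip, users in failures.items() if len(users) >= spray_users}
    # Brute force: one source fails many times against a single account.
    brute = {ip for ip, users in failures.items()
             if max(users.values()) >= brute_failures}
    # A success from a flagged source may mean a guessed password.
    review = sorted(u for ip in spray | brute for u in successes[ip])
    return {"spray": sorted(spray), "brute_force": sorted(brute), "review": review}


if __name__ == "__main__":
    print(analyze_signins(SAMPLE_SIGNINS))
```

A single mistyped password followed by a success, as in the last two sample lines, stays below both thresholds and is not flagged.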
Secure email gateways
Utilize secure email gateways to enforce email authentication controls, which can help prevent email spoofing and unauthorized use of email accounts.
Regular software updates
Keep all software and systems up to date with the latest security patches to mitigate the risk of malware-based attacks.
Incident response and recovery
Develop an incident response plan that outlines the steps to be taken during an EAC or BEC attack. Regularly test and update the plan to ensure its effectiveness.
In the news
In an enforcement action, the U.S. Department of Justice has announced charges against 10 individuals across multiple states for their involvement in elaborate email account compromise (EAC), money laundering, and wire fraud schemes targeting public and private health insurers, Medicare, and state Medicaid programs. These schemes resulted in over $11.1 million in losses. Perpetrators allegedly impersonated business partners via spoofed email addresses to redirect payments into accounts they controlled, often employing recruited "money mules" and other deceptive tactics. The defendants allegedly laundered proceeds through complex financial maneuvers, including cash withdrawals and overseas transfers, undermining healthcare benefit programs and defrauding other victims. This coordinated effort underscores the escalating threat of email account compromise, prompting heightened vigilance and regulatory responses to safeguard against such financial crimes.
FAQs
What is EAC and how does it relate to healthcare security?
Email account compromise (EAC) occurs when unauthorized individuals gain access to legitimate email accounts, often through phishing or credential theft. In healthcare, EAC can lead to unauthorized access to sensitive patient information, fraudulent communications, and compromised integrity of medical data.
Why is EAC a concern for HIPAA compliance in healthcare settings?
EAC is a concern because it can result in unauthorized access to protected health information (PHI), breaches of patient confidentiality, and fraudulent activities. These outcomes can lead to HIPAA violations, financial penalties, and disruptions in healthcare operations.
What are the potential risks associated with EAC under HIPAA?
Potential risks of EAC attacks include:
- Data breaches: Unauthorized access to and theft of patient records and sensitive medical data.
- Fraudulent communications: Sending malicious emails from compromised accounts, potentially leading to further phishing attacks or financial fraud.
- Operational disruption: Interference with normal email communications and workflows within the healthcare facility.
- Financial losses: Costs associated with breach remediation, legal penalties, and potential restitution for affected patients.
How can healthcare facilities prevent and mitigate EAC to maintain HIPAA compliance?
Healthcare facilities can prevent and mitigate EAC attacks by implementing cybersecurity measures, including:
- Multi-factor authentication (MFA): Requiring MFA for accessing email accounts to provide an additional layer of security.
- Email filtering: Using advanced email filtering solutions to detect and block phishing attempts and malicious attachments.
- Regular monitoring: Continuously monitoring email accounts for suspicious login activities and unusual patterns.
- User education: Training staff to recognize phishing emails and avoid clicking on suspicious links or providing credentials.
- Incident response plan: Establishing and regularly updating an incident response plan to quickly address and mitigate the impact of compromised email accounts.