Email account compromise (EAC) is a highly sophisticated attack in which attackers use tactics like password spraying, phishing, and malware to compromise victims’ email accounts, gaining access to legitimate mailboxes.
Email account compromise involves attackers gaining unauthorized access to a legitimate email account. They employ various tactics, including brute force attacks, phishing, and malware, to obtain the account credentials. Once inside, the attackers can access valuable information, such as emails, calendars, contact lists, and files in shared folders. This trove of data allows them to profile their victims and carry out sophisticated attacks.
The primary objective of EAC is for the attacker to impersonate the victim and manipulate their email communications. By mimicking the victim's writing style, tone, and timing, the attacker can send convincing messages that deceive recipients. These messages often involve fraudulent wire transfers, payment requests, or attempts to extract sensitive information.
One prevalent method used by attackers is the brute force attack. This technique employs automated tools to repeatedly guess usernames and passwords until they gain access to the targeted email account.
Phishing is another commonly employed tactic in EAC. Attackers send emails that appear legitimate, often mimicking trusted entities or individuals, to trick recipients into divulging their login credentials. These emails may contain links to fake websites designed to steal sensitive information.
Malware, such as keyloggers or credential stealers, is also used to gain unauthorized access to email accounts. These malicious programs can record keystrokes or capture login credentials, allowing attackers to discreetly monitor the victim's email communications.
Email account compromise schemes can take various forms, each with the potential to cause significant financial and reputational damage. Let's look at two common types of EAC attacks:
In the first type, a fraudulent invoice scheme, the attacker compromises an employee's email account, often in the accounting department. Once inside, the attacker creates a forwarding rule to collect copies of all incoming and outgoing messages. They closely monitor the compromised account to gather information about billing, customer interactions, and other relevant details.
Armed with this knowledge, the attacker crafts invoices that appear legitimate, complete with proper terminology and logos. These fraudulent invoices are then sent to unsuspecting customers, who unknowingly make payments to the attacker's bank account instead of the intended recipient. This type of attack results in financial losses for the targeted company and damages customer satisfaction and trust.
In a payroll redirection scheme, the attacker gains access to an employee's email account and sends a request to the human resources department. The email requests an update to the victimized employee's direct deposit information, replacing the legitimate bank account with the attacker's account details. As a result, the victim's salary is redirected to the attacker's bank account, bypassing the intended recipient. This attack can cause personal financial harm to employees and disrupt payroll operations within organizations.
Implementing a single technical control or relying solely on security awareness training is insufficient to effectively protect against EAC attacks. Here are some measures organizations can take to defend against these attacks:
Encourage employees to use strong, unique passwords for their email accounts and implement multi-factor authentication to add an extra layer of security.
Deploy email filtering solutions to detect and block phishing emails and malicious attachments, reducing the likelihood of successful EAC attacks.
Regularly train employees on recognizing phishing attempts, suspicious emails, and other social engineering techniques. Teach them to verify email addresses and exercise caution when clicking on links or providing sensitive information.
Implement systems and protocols to monitor email traffic, detect anomalous activities, and identify signs of compromised accounts or unauthorized access.
Utilize secure email gateways to enforce email authentication controls, which can help prevent email spoofing and unauthorized use of email accounts.
Keep all software and systems up to date with the latest security patches to mitigate the risk of malware-based attacks.
Develop an incident response plan that outlines the steps to be taken during an EAC or BEC attack. Regularly test and update the plan to ensure its effectiveness.
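As an added example, not code from the original article: a small Python script that runs two of the detections this list calls for over constructed audit events, flagging inbox rules that forward mail to an external domain (the forwarding-rule tradecraft from the invoice scheme above) and password-spray patterns in failed sign-ins. The event field names, operation names, and the internal domain list are assumptions, not any vendor's real schema.

```python
"""Two EAC detections over constructed mailbox audit events: inbox rules that
forward mail outside the organisation and password-spray activity (one source
IP failing against many accounts in a short window). Event field names are
assumptions, loosely modelled on cloud mailbox audit logs, not any vendor's
real schema."""
from collections import defaultdict
from datetime import datetime, timedelta

INTERNAL_DOMAINS = {"example.com"}  # assumption: the organisation's own domains

# Constructed sample events (not real logs).
EVENTS = [
    {"ts": "2024-05-01T08:00:00", "op": "New-InboxRule", "user": "alice@example.com",
     "ip": "203.0.113.10", "forward_to": "alice-archive@example.com"},
    {"ts": "2024-05-01T08:05:00", "op": "New-InboxRule", "user": "bob@example.com",
     "ip": "198.51.100.7", "forward_to": "collector@attacker-mail.example"},
    {"ts": "2024-05-01T08:06:00", "op": "UserLoginFailed", "user": "carol@example.com", "ip": "203.0.113.10"},
    {"ts": "2024-05-01T08:07:00", "op": "UserLoginFailed", "user": "carol@example.com", "ip": "203.0.113.10"},
    {"ts": "2024-05-01T09:00:00", "op": "UserLoginFailed", "user": "dave@example.com", "ip": "198.51.100.7"},
    {"ts": "2024-05-01T09:01:00", "op": "UserLoginFailed", "user": "erin@example.com", "ip": "198.51.100.7"},
    {"ts": "2024-05-01T09:02:00", "op": "UserLoginFailed", "user": "frank@example.com", "ip": "198.51.100.7"},
]

RULE_OPS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}  # assumed operation names

def external_forwarding_rules(events, internal_domains=INTERNAL_DOMAINS):
    """Return (user, target) pairs for rules that forward mail to an external domain."""
    hits = []
    for e in events:
        target = e.get("forward_to", "")
        if e["op"] in RULE_OPS and "@" in target:
            domain = target.rsplit("@", 1)[1].lower()
            if domain not in internal_domains:
                hits.append((e["user"], target))
    return hits

def password_spray_sources(events, min_accounts=3, window=timedelta(minutes=30)):
    """Return {ip: distinct_accounts} for IPs whose failed logins hit >= min_accounts
    different users inside any window-sized span; repeated failures by one user don't count."""
    fails = defaultdict(list)
    for e in events:
        if e["op"] == "UserLoginFailed":
            fails[e["ip"]].append((datetime.fromisoformat(e["ts"]), e["user"]))
    flagged = {}
    for ip, attempts in fails.items():
        attempts.sort()  # chronological, so each window starts at one attempt
        for i, (start, _) in enumerate(attempts):
            users = {u for t, u in attempts[i:] if t - start <= window}
            if len(users) >= min_accounts:
                flagged[ip] = len(users)
                break
    return flagged
```

Tune `min_accounts` and `window` to the tenant's normal failure rate; an internal-domain forwarding target is deliberately not flagged, since that is routine mailbox hygiene.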
In a major enforcement action, the U.S. Department of Justice has announced charges against 10 individuals across multiple states for their involvement in elaborate email account compromise (EAC), money laundering, and wire fraud schemes targeting public and private health insurers, Medicare, and state Medicaid programs. These schemes resulted in over $11.1 million in losses. Perpetrators allegedly impersonated business partners via spoofed email addresses to redirect payments into accounts they controlled, often employing recruited "money mules" and other deceptive tactics. The defendants allegedly laundered the proceeds through complex financial maneuvers, including cash withdrawals and overseas transfers, undermining healthcare benefit programs and defrauding other victims. This coordinated effort underscores the escalating threat of email account compromise and has prompted heightened vigilance and regulatory responses to safeguard against such financial crimes.
Email account compromise (EAC) occurs when unauthorized individuals gain access to legitimate email accounts, often through phishing or credential theft. In healthcare, EAC can lead to unauthorized access to sensitive patient information, fraudulent communications, and compromised integrity of medical data.
EAC is a concern because it can result in unauthorized access to protected health information (PHI), breaches of patient confidentiality, and fraudulent activities. These outcomes can lead to HIPAA violations, financial penalties, and disruptions in healthcare operations.
Potential risks of EAC attacks include:
Healthcare facilities can prevent and mitigate EAC attacks by implementing cybersecurity measures, including: