Email is a common target for malicious hackers. Two of the more common techniques they use to compromise email are business email compromise and malicious document attachments.
Business Email Compromise
The FBI describes Business Email Compromise, or BEC, as a financially-motivated and often sophisticated scam carried out by organized crime organizations. The technique involves impersonating a trusted party, then using that position of trust to convince an employee to transfer funds or sensitive data to the attacker. Some common scenarios described by the FBI’s Internet Crime Complaint Center include:
- Scammer imitates a company executive, or an actual business partner
- Requests a funds transfer, or sensitive data. Often Employee tax records (W-2 scam)
The second common technique is malicious attachments emailed to a target. These are usually less sophisticated and not tailored to a specific person, but rather the same email is copied to many different people. A recent example:
- Subject: legally binding contract
- Attachment: contract_#####.doc
By default, Microsoft Office is configured to open emailed documents in Protected View – a mode that disables any malicious macros contained in the documents. If you click on the attachment, you will likely be prompted to disable Protected View so the attachment can download full-fledged malware to your PC.
How to Avoid these Scams:
- Pay attention to the “from” address of an email – is it company.co instead of company.com?
- If you reply to a message, pay attention to the “TO” field. A scam email may show “email@example.com” as the sender, but change to the hackers address when you reply.
- Email may appear to come from the boss’ personal email address – does the CEO typically send business-critical messages from a personal account? If email originates from an account not commonly used for business, confirm through another method that the request is legitimate (here are additional tips to combat BEC). ere aerUse
- When viewing Microsoft Office attachments, keep the document in Protected View to prevent malicious macros from running. Be particularly suspicious of any document that instructs you to “enable editing” or “enable content” or “enable macros”.
Exercising caution when opening and responding to emails is a critical step in protecting your personal information from identity theft and other scams.