Cyber Criminals Conduct BEC through Exploitation of Cloud-based Email Services

The FBI has released a Public Service Announcement (PSA) warning that cyber criminals are targeting organizations that use popular cloud-based email services to conduct business email compromise (BEC) scams. According to the PSA, the scams are initiated through specifically developed phish kits designed to mimic the cloud-based email services in order to compromise business email accounts and request or misdirect transfers of funds. Between January 2014 and October 2019, the FBI’s Internet Crime Complaint Center (IC3) received complaints totaling more than $2.1 billion in actual losses from BEC scams using two popular cloud-based email services. While most cloud-based email services have security features that can help prevent BEC, many of these features must be manually configured and enabled. Users can better protect themselves from BEC by taking advantage of the full spectrum of protections that are available, many of which are discussed in the PSA. Read the PSA at the FBI.