Business Email Compromise Attacks Rise: New Cyberattack Concerns

A growing number of business email compromise attacks makes it crucial for organizations of all sizes to focus on network security and, more importantly, employee education. These email compromise attacks emulate legitimate emails, links, and programs, making it difficult to discern truth from fiction, in order to get staff to click on them and infect the company computers. The primary objectives of these new cyberattacks are credential theft and the spread of malware. The more you work to prevent these types of attacks from happening, through educational programs and support for you and your team, the less likely they are to occur. It is also highly recommended to create a comprehensive backup and recovery plan to aid in quick recovery following any type of attack or disaster situation.

How Does Business Email Compromise Work?

These new email compromise attacks work by combining traditional phishing methods with a realistic-looking link to web services, such as Dropbox and other popular, widely used programs, as the primary lure. One of the most successful lures has been the legitimate Dropbox link, as this cloud-based storage program is commonly used by small and medium-sized businesses to store essential documents, including receipts, work orders, customer files, and important work-related information. Using these links in business email compromise attacks adds a fresh layer of cyberattack concerns. Industry experts are warning IT departments to be aware of this new attack type and to alert employees about the legitimate-looking links.

One of the first of these email compromise attacks to be discovered used an actual free Dropbox account to grab the credentials of the target. Another used the same type of free account to hide malware in relevant documents, such as resumes for prospective employees during a hiring campaign, contract applications, and other files. The goal is to get the user to click on the legitimate notification to download a resume from a Dropbox link so they will access the page that is hosted on the cloud-based server. Then, the user is prompted to enter their own username and password to view the document, providing the cybercriminals with access to their credentials, including email addresses and passwords.

The Legitimate Dropbox Link

These new cyberattacks are so successful because they exploit how people think and how they react to familiar things, such as web services they have used many times before. In addition to Dropbox, other commonly used programs are employed for these attacks. Another popular method is to use a Microsoft OneDrive link, which helps the threat actors obtain the company’s Microsoft credentials. These credentials, as you may know, also provide wider access to the entire Microsoft account, leading the attackers to more documents, essential data, and account details. Upon clicking the link, users not only give the cybercriminals their log-in credentials, but also receive a malicious download designed to do even more damage.

Cybersecurity researchers and analysts are sounding the alarm, as they are seeing more and more email compromise attacks in the wild. While there are many different variations being used, the primary methods and attacks are the same. The cybercriminal generally attempts to trick the employee into doing something they don’t want to do, such as logging in to a compromised web service account while thinking they are logging in to a trusted account. Using a legitimate Dropbox link or Microsoft OneDrive account to host the malicious content makes it much easier to get staff to trust the requests that they are receiving. Once again, it is essential to provide employees with training, support, and ongoing education to prevent these types of attacks from being successful.
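Because the lure sits on a genuine file-sharing host, checking the link's domain alone will not flag it; pairing the link with an unfamiliar sender gives a reviewer something to act on. The following triage sketch is an added example, not Synivate's code, and the host list, the known-sender list, and the sample message are all constructed assumptions:

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: hosts treated as file-sharing services; extend for your environment.
FILE_SHARE_HOSTS = ("dropbox.com", "onedrive.live.com", "1drv.ms", "sharepoint.com")
# Assumption: sender domains the organization already exchanges files with.
KNOWN_SENDER_DOMAINS = {"example-corp.test"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample message (not taken from a real campaign).
SAMPLE = (
    "From: Recruiting <hr@unknown-sender.test>\n"
    "To: staff@example-corp.test\n"
    "Subject: Resume for open position\n"
    "\n"
    "Please review: https://www.dropbox.com/s/EXAMPLE/resume.pdf\n"
)

def file_share_links(text):
    """Return URLs whose host is, or is a subdomain of, a file-sharing host."""
    hits = []
    for url in URL_RE.findall(text):
        try:
            host = (urlsplit(url).hostname or "").lower()
        except ValueError:  # malformed URL, nothing to classify
            continue
        # Exact or dot-anchored suffix match, so "dropbox.com.login.test" is not a hit.
        if any(host == h or host.endswith("." + h) for h in FILE_SHARE_HOSTS):
            hits.append(url)
    return hits

def triage(raw_message):
    """Flag a message for review: file-share link plus a sender domain not seen before."""
    msg = message_from_string(raw_message)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    body = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            data = part.get_payload(decode=True) or b""
            body.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    links = file_share_links("\n".join(body))
    # The link host is legitimate, so the signal is the sender, not the URL.
    review = bool(links) and sender_domain not in KNOWN_SENDER_DOMAINS
    return {"sender_domain": sender_domain, "links": links, "review": review}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A flagged message is a prompt for a person to verify the sender through another channel, not proof of an attack.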

Innovative Technologies and Services

One way to beef up your network security, provide employees with valuable training, and offer ongoing support is to take advantage of our wide range of services at Synivate. Whether your goal is to avoid business email compromise attacks or to thwart new cyberattack concerns, our managed services, monitoring programs, and security can help you to be successful. Give us a call at 617-848-1248 to discuss your needs or use our online contact form to reach out to a team member. We can answer any questions you might have or provide a free consultation to help get things started.

Synivate Author