PHISHING FOR FUNDS: UNDERSTANDING BUSINESS EMAIL COMPROMISE, presented at Black Hat Asia 2017

by Keith Turpin

Summary: Business Email Compromise (aka CEO fraud) is a rapidly expanding cybercrime; reported cases jumped 1300% from 2015 to 2016. This financial fraud scheme can target any market segment or organization regardless of size. Thousands of organizations from more than 100 countries have reported losses. The reason for this surge is simple: it makes money. Over 3 billion dollars in losses have been reported, and it is reasonable to assume that the actual impact could be much larger.
In most cases, Business Email Compromise is a highly targeted attack that starts with significant reconnaissance. Attackers take time to understand the target organization's people and processes. These precise email attacks often get past traditional spam filters and have the look and feel of legitimate correspondence.
This talk will cover the attacker methodology and how to defend against the techniques commonly used by attackers, including sender address spoofing and Reply-To alteration, domain impersonation, account compromise, open email relay abuse and endpoint compromise.
To succeed, this attack requires that the security controls associated with people, processes and technology all fail. Keep any one of these strong and the likelihood of a successful attack drops significantly. Defenders can employ technical controls to stop certain types of fraudulent email, build robust business processes that interrupt the exploitation, or raise user awareness so that users know when to raise an alarm.
When something does get through, and it will, knowing how to respond can make all the difference; that will also be discussed.
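As an added example (not part of the talk or its materials), here is one of the technical controls the abstract alludes to: a mail-header check that flags a Reply-To domain that differs from the From domain and a sender domain that merely looks like one of the organisation's own. The sample messages and the trusted-domain set are constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed sample messages (not from the talk). SUSPECT_RAW shows the pattern
# the abstract names: a look-alike sender domain plus a Reply-To that silently
# redirects the conversation to a mailbox the fraudster controls.
SUSPECT_RAW = """From: "Jane Doe, CEO" <jane.doe@examp1e-corp.com>
Reply-To: <jane.doe.ceo@mail-relay.example>
Subject: Urgent wire transfer

Please process the attached invoice today.
"""
LEGIT_RAW = """From: "Jane Doe" <jane.doe@example-corp.com>
Subject: Q3 budget

Attached for review.
"""
TRUSTED_DOMAINS = {"example-corp.com"}  # assumed: the organisation's own domains

def domain_of(header_value):
    # lower-cased domain part of an address header ("" if absent)
    return parseaddr(str(header_value))[1].rpartition("@")[2].lower()

def normalize(domain):
    # collapse common look-alike substitutions so "examp1e" compares as "example"
    return (domain.replace("rn", "m").replace("vv", "w")
            .translate(str.maketrans("0135", "oles")))

def levenshtein(a, b):
    # edit distance, to catch one- or two-character typo-squatted domains
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def analyze(raw):
    # returns (from_domain, reply_domain, findings) for a raw RFC 5322 message
    msg = email.message_from_string(raw, policy=policy.default)
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"]) if msg["Reply-To"] else from_dom
    findings = []
    if reply_dom != from_dom:
        findings.append("reply-to-mismatch")  # replies leave the apparent sender
    if from_dom not in TRUSTED_DOMAINS and any(
            normalize(from_dom) == t or levenshtein(from_dom, t) <= 2
            for t in TRUSTED_DOMAINS):
        findings.append("lookalike-domain")  # impersonates one of our domains
    return from_dom, reply_dom, findings
```

A check like this belongs at the mail gateway or in a mailbox rule that tags the message for the recipient; it complements, rather than replaces, the process controls (out-of-band payment verification) the talk describes.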