Account Takeover, or Business Email Compromise (BEC), is when a cybercriminal launches a successful phishing attack to gain control of their victim’s email account
Once inside, the thief will either launch additional phishing attacks on the account holder’s contacts or insert themselves into an existing conversation. Their goal is to steal personal information or obtain financial gain by leading you to believe you are interacting with someone you trust.
Common victims of account takeover
- Financial Institutions
- Law Firms
- Insurance Organizations
- Large Companies
Account Takeover + Wire Fraud
Wire fraud occurs when a cybercriminal successfully obtains money from their victim via wire or ACH payment.
Account Takeover email with wire fraud pattern
How are you doing today? Has our account receivable team sent the invoice? Regarding payment for deposit, we’ll prefer to receive payment via ACH/EFT. I’ll send our ACT remittance instruction upon your request. Please kindly acknowledge the receipt of my email. I await your response as soon as possible.
Other possible scenarios
You’re a corporate lawyer working on a legal settlement. Suddenly, the contact at the law firm you’re conducting business with asks that the settlement be changed from a check payment to an ACH.
You’re working with a vendor, and they send you an invoice with instructions that have suddenly changed or are different than what they’ve used in the past.
Out of the blue, an insured asks for a wire transfer for the payout of their claim, retirement account, or death benefit.
Identify the Red Flags Account Takeover Attacks
It’s important you are able to identify when an account takeover or wire fraud attack hits your inbox, especially when the attack appears to be coming from a trusted contract.
A reply is received from an old email conversation
The reply includes a link or an attachment that is unexpected.
A reply from a contact suddenly has a different tone
Words like “kindly,” or “warmly” are used or the tone becomes more–or less–formal than usual. Spelling or grammatical errors may also be present. A request to hurry or immediately act is stressed.
A wire or ACH transfer is suddenly requested, and instructions may be included
Another form of payment may have already been discussed in writing, or the instructions are different than usual.
The sender asks to change a standard business process that is generally known and accepted
Take immediate action
Take the time to carefully review all your emails. If you feel that an email doesn’t seem quite right, trust your instincts.
Don’t respond to the sender and engage them in any way
Remember, it’s possible that the person on the other end is a criminal.
Don’t click on any links or attachments.
Links could take you to malicious sites and attachments may contain code.
Reach out to your contact directly
Use a phone or another method to verify the change requested – in many cases they may not know their email is compromised.