Crime Does Pay: Business Email Compromise, Organization Vulnerability, and How Hackers Attacked the Wisconsin Republican Party

Poyner Spruill LLP

We have previously written about “phishing.” Phishing involves using social pressure to trick the recipient into sending sensitive information, network control, or credentials to hackers posing as authorized users.

A new, insidious variant is the Business Email Compromise (BEC). A BEC involves a hacker taking control of a vendor’s email. Using that access, the hacker sends apparently bona fide invoices to regular customers. The hacker requests a modification of the previous payment method. The modification is usually low-key. It may request that payment be sent from one prominent American bank to another prominent American bank. The hackers control the second account. Payments credited there are swiftly spirited out of the country.

Any organization can be a BEC victim. In October, the Wisconsin Republican Party reported that it had been victimized by a BEC. The party determined that hackers had stolen $2.3 million in campaign funds intended for use in the fall campaign. The hackers had submitted invoices that apparently originated from four vendors. The invoices directed payments to hacker-controlled funds.

While less known than other crimes such as ransomware or phishing, BEC is big business. Accumulated losses reportedly amount to billions every year. Detection is difficult because often nothing appears amiss. And compared to raw hacking, it is a clear, profitable approach for hackers.

Law enforcement, organizations, and insurers are just beginning to grapple with BEC. Until new protocols are developed, the safest approach is the old-fashioned one. If a vendor requests a change in the mode of payment, train accounts payable to pick up the phone. Verify the request with a known counterpart.

Finally, check with your insurance broker. Your business insurance can often add crime or cyber coverage for a small additional premium. Seriously consider the option. With BEC, an ounce of prevention is worth a pound of cure.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Poyner Spruill LLP | Attorney Advertising
