BEC scammers impersonate CEOs in virtual meetings

The FBI has warned that BEC scammers are using new tactics and are increasingly exploiting virtual meeting platforms to defraud organizations. Scammers use any method, up to deepfakes, to force victims to send money to accounts they own.

Let me remind you that the term BEC attack (Business Email Compromise) usually refers to cases when attackers start correspondence with a company employee in order to gain his trust and convince him to perform actions that harm the interests of the company or its customers.

In fact, as part of such attacks, criminals often pretend to be employees (more often we are talking about senior positions) of the company and order to transfer money to the account they need.

Now that the entire world has rethought its approach to online work and moved to remote work due to the ongoing COVID-19 pandemic, scammers have also reconsidered their approach to BEC scam. The FBI reports that between 2019 and 2021, reports of BEC attacks via virtual meeting and meeting platforms skyrocketed.

Although law enforcement does not provide specific figures in their report, they describe three scenarios in which fraudsters use such tools to attack.

1. Attackers compromise the mail of the head or financial director. A hacked mailbox sends employees a request to participate in a virtual conference, where the perpetrators insert a still image of the CEO with no sound or use an audio deepfake to fake the voice, claiming that the video or audio is not working properly. Then, via chat, they instruct employees to start transferring funds or send such an “order” in a follow-up email.
2. Attackers can compromise of mail of ordinary employees, after which hackers get the opportunity to attend virtual meetings to collect information about the day-to-day operations of the company.
3. The classic compromise of the mail, for example, of the general director, with sending fake letters from this address to employees. On behalf of the CEO, the hackers instruct the victims to initiate the transfer of funds, as the CEO himself is supposedly busy in a virtual meeting and unable to do so on his computer.

Let me remind you that we talked about Twitter Hacking Hearing Held At Zoom And Interrupted By Porn Videos, and also that Data from 500000 Zoom accounts are sold on hacker forums.