The following information was obtained from different cybersecurity sources for the notification of all parties concerned, pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG).
The information provided was classified as Restricted pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.
Business Email Compromise (BEC) is a form of phishing attack wherein the cyber criminal impersonates an executive and attempts to get an employee, customer, or vendor to transfer funds or sensitive information. The Federal Bureau of Investigation defines BEC as a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments.
The potential targets of this attack are businesses and personnel using open source email, and individuals responsible for handling wire transfers within a specific business. The methods used are spoofed emails that closely mimic a legitimate email request, and fraudulent email requests for a wire transfer.
Some of the most common ways BEC is used to defraud targets are:
- Bogus invoicing scam: an employee account is compromised and used to request a change in payee information, so that payment is transferred to the cyber criminal's account.
- CEO fraud scam: the criminal pretends to be an executive and requests that a human resource or finance department employee make an emergency payment.
- Employee account compromise: the attacker might send an invoice to partner vendors.
- Attorney impersonation: an attorney's email identity might be used to pressure for payments, claiming to be handling time-sensitive, confidential matters and requesting immediate payment.
- Data theft: the email of role-specific employees in the company is compromised and then used to send requests not for fund transfer but for personally identifiable information of other employees and executives, which can serve as a jump-off point for more damaging BEC attacks against the company itself.
PNP personnel and the public are advised to follow the best practices to protect themselves from the Business Email Compromise attack:
- Avoid using free web-based email as much as possible; make use of company email accounts
- Be extra careful when posting information to social media accounts and company websites
- Be cautious of change requests pertaining to wire transfers
- Disable the Universal Plug and Play on your devices
- Establish more than one communication channel to verify significant transactions
- Immediately delete unsolicited email from unknown senders
- Forward emails and include the correct email address to ensure the intended recipient receives the email.
- Remain vigilant of sudden changes to business practices
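Several of the warning signs described in this advisory (a sender domain that closely mimics the legitimate one, an executive's name on an outside address, free web-based email, a reply address that differs from the sender, and wire transfer or payee change wording) can be checked automatically during mail triage. The following Python example is added here and is not part of the PNP ACG advisory; the company domain, executive name, webmail list, keyword list and both sample messages are assumed values constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example-corp.test"  # assumed; use the organisation's own domain
FREE_WEBMAIL = {"gmail.com", "yahoo.com", "outlook.com"}  # assumed short list
EXECUTIVES = {"maria santos"}  # assumed display names worth impersonating
PAYMENT_TERMS = re.compile(r"wire transfer|payee|bank account|immediate payment", re.I)

def edit_distance(a, b):
    """Levenshtein distance, to spot domains that closely mimic the real one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def bec_flags(raw):
    msg = message_from_string(raw)
    name = parseaddr(msg.get("From", ""))[0].lower()
    from_dom, reply_dom = domain_of(msg.get("From")), domain_of(msg.get("Reply-To"))
    external = from_dom != COMPANY_DOMAIN
    flags = []
    if external and edit_distance(from_dom, COMPANY_DOMAIN) <= 2:
        flags.append("lookalike-domain")
    if external and name in EXECUTIVES:
        flags.append("executive-name-external-sender")
    if from_dom in FREE_WEBMAIL:
        flags.append("free-webmail-sender")
    if reply_dom and reply_dom != from_dom:  # replies would go somewhere else
        flags.append("reply-to-mismatch")
    if PAYMENT_TERMS.search(f"{msg.get('Subject', '')} {msg.get_payload()}"):
        flags.append("payment-request")
    return flags

# Constructed sample messages (not real mail).
SPOOFED = ("From: Maria Santos <maria.santos@examp1e-corp.test>\n"
           "Reply-To: ms.office@gmail.com\nSubject: Urgent wire transfer\n\n"
           "Please make an immediate payment today. Keep this confidential.\n")
LEGIT = ("From: Maria Santos <maria.santos@example-corp.test>\n"
         "Subject: Team lunch\n\nSee you at noon.\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, bec_flags(raw))
```

A message that raises any of these flags together with `payment-request` is a candidate for verification through a second communication channel before any funds are moved.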
For additional information, please refer to the following websites:
POINT OF CONTACT