News

More businesses hit by email account compromises

Mar 2, 2026

The National Cyber Security Centre (NCSC) is aware of a spike in business emails being compromised, particularly affecting the financial services industry.


This type of attack is referred to as business email compromise (BEC) and can lead to serious harm and further cyber attacks. It can be hard to spot as cybercriminals go out of their way to avoid being detected.

Cybercriminals are gaining access to business email accounts and using them to send mass phishing emails. These emails contain malicious links that may lead to a fake login page or download remote access tools, and can eventually result in financial loss.

“It’s concerning seeing this happening in the financial services industry, not only as we know they often deal with large sums of money and personal information, but they often have large contact lists that attackers can exploit”, said NCSC Threat and Incident Response team lead Tom Roberts.

“As there are phishing emails coming directly from the business’s genuine email address, it can make the phishing emails hard to spot as they will look legitimate”. 

The NCSC is encouraging businesses, particularly those in the financial services industry, to check their email systems for signs of compromise. You may need IT support for this. Ask your IT provider to monitor your business email and check:

  • auto-forwarding rules on email accounts, especially those relating to accounts receivable,
  • auto-filtering rules on email accounts to see if there are any rules that you did not set up, and
  • email access logs to look for any unusual login behaviour, like a change in login times or an unexpected or foreign IP address.
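For IT providers, the three checks above can be scripted over exported mailbox rules and sign-in logs. The following is an added example, not NCSC code; the field names, domain, IP range, working hours and sample records are all constructed assumptions to adapt to your own mail platform's export.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

OWN_DOMAIN = "example.co.nz"                    # assumption: the business's mail domain
KNOWN_RULES = {("ar@example.co.nz", "File supplier statements")}  # rules staff confirmed creating
EXPECTED_NETS = [ip_network("203.0.113.0/24")]  # assumption: office/VPN address range
USUAL_HOURS = range(7, 19)                      # assumption: normal sign-in hours (local time)

# Constructed sample exports; field names are hypothetical, not a real product's schema.
RULES = [
    {"mailbox": "ar@example.co.nz", "name": "File supplier statements", "forward_to": None},
    {"mailbox": "ar@example.co.nz", "name": "Rule A", "forward_to": "ar.copy@example.net"},
    {"mailbox": "pm@example.co.nz", "name": "Rule B", "forward_to": None},
]
LOGINS = [
    {"user": "ar@example.co.nz", "time": "2026-02-24T08:55:00", "ip": "203.0.113.20"},
    {"user": "ar@example.co.nz", "time": "2026-02-25T02:13:00", "ip": "198.51.100.77"},
    {"user": "pm@example.co.nz", "time": "2026-02-25T21:40:00", "ip": "203.0.113.31"},
]

def review_rules(rules):
    """Flag forwarding to outside addresses and rules nobody confirmed setting up."""
    findings = []
    for r in rules:
        target = r["forward_to"]
        if target and target.rsplit("@", 1)[-1].lower() != OWN_DOMAIN:
            findings.append((r["mailbox"], r["name"], "forwards outside the business"))
        elif (r["mailbox"], r["name"]) not in KNOWN_RULES:
            findings.append((r["mailbox"], r["name"], "rule nobody confirmed setting up"))
    return findings

def review_logins(logins):
    """Flag sign-ins from unexpected IP addresses or at unusual times."""
    findings = []
    for e in logins:
        reasons = []
        if not any(ip_address(e["ip"]) in net for net in EXPECTED_NETS):
            reasons.append("unexpected IP")
        if datetime.fromisoformat(e["time"]).hour not in USUAL_HOURS:
            reasons.append("unusual time")
        if reasons:
            findings.append((e["user"], e["ip"], reasons))
    return findings

if __name__ == "__main__":
    for finding in review_rules(RULES) + review_logins(LOGINS):
        print(finding)
```

Anything the script flags is a prompt to ask the mailbox owner, not proof of compromise.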

It is also important for all businesses to be vigilant about emails containing links, particularly if they’re unexpected or ask you to do something urgently. In the examples we have seen recently, the link is presented as a file-sharing link, but it takes you to a fake website that poses as a legitimate service and asks you to enter your login details.

If you receive an email like this, please contact the sender via an alternate channel such as calling them to confirm its legitimacy. 

If you are a professional service provider, we also recommend raising this spike in reports with your clients and staff to check if they have received any suspicious messages. 

You can report any incident or suspected attack to us.

Report it

Information reported is confidential and will not be shared with other agencies such as the police without consent.

You can find out more about how attackers gain access to your accounts and how you can prevent these attacks on our website.

Protect your business against email compromise