Trend Micro Helped Taiwan Police Stop A NTD$ 3 Million Loss From A BEC Scam

20 Dec

Trend Micro, the global information security software and solutions provider, detected a BEC scam hacking into a Taiwanese manufacturer’s transaction and successfully helped the Criminal Investigation Bureau stop an ongoing transnational fraud possibly causing a loss of USD$ 90 thousand (NTD$ 3 million). That again proved information security awareness is one of the fundamentals running a business. It became crucial to prevent online scams with information security solutions.

The business email compromise (BEC) scam grew popular among hackers since the cost and techniques required are relatively low. Trend Micro has signed a MoU with the Criminal Investigation Bureau to assist the police to curb online crime from time to time since 2015. Last week, it collaborated with Taipei City Police Department to stop right away an ongoing typical BEC scam. Through SNAP (Social Engineering Attack Protection), a scanning process of IMSVA (InterScan Messaging Security Virtual Appliance), the engineer team of Trend Micro discovered hackers falsified the content of a transaction letter from a Taiwanese manufacturer to its Russian client, misleading the client to transfer the payment to a false account provided by the disposable temporary email address they created. Also, hackers stole and altered a receipt on which there already had the company chop of the Taiwanese firm. The total amount of the transaction was up to NTD$ 3 million. This time, the collaboration of Trend Micro and the CIB to thwart the BEC treachery has been remarked as one of the few successful cases to prevent the BEC scams. The incident also rang true and clear to business owners that they shouldn’t be more careful and cautious of information security threats coming in different forms.

The business email compromise (BEC) attack refers to the scam that hackers falsify contents of emails between businesses. It recently became a common method to mislead companies to transfer payment to false bank accounts. Email has been the major approach of communication between businesses, dealing with tasks including trading and giving details of payments, bank accounts, and receipts, which inevitably became materials hacker take advantage of. They use social engineering or keyloggers to steal emails and delude clients by telling them to transfer their payments to false accounts in the disguise as the receiver companies. The parties that pay would be easily victimized if they do not double check with their trading partners.

To business owners, Trend Micro strongly suggested that precaution is a key to prevent the rampant BEC scams. It is necessary to enhance email security systems so as to avoid third party information theft; to educate employees with the purpose to increase their awareness of information security, telling them not to open suspicious emails from social engineering; and to double check transaction details before any payment is made to secure the businesses. Products such as IMSVA and HES (Host Email Security) provide a complete, multi-layered shield able to combine with companies’ virtual appliances and cloud services to filter out most of the  junk mails and malware outside companies’ networks before any invasion occurs. They further ensure companies are safe away from information security threats such as BEC scams through the scanning procedure of cloud service evaluation database and the network borders.

Facebook Comments