Censornet Comment - FBI warns of BEC attackers impersonating construction companies
June 2021 by Richard Walters, Chief Technology Officer at Censornet
Following the recent news of the FBI warning private sector companies of scammers impersonating construction companies in business email compromise (BEC) attacks, Richard Walters, Chief Technology Officer at Censornet, comment;
These are carefully researched and highly targeted attacks that are becoming more and more sophisticated and constantly evolving. The key to stopping them is to use ultra-modern, multi-layered email security – older legacy email security solutions are about as much use as an ashtray on a motorbike. Stopping BEC requires a different set of techniques and technologies.
Similar procurement and contract portals exist in the UK and Europe (the GOV.UK Contracts Finder site for example - https://www.contractsfinder.service.gov.uk/Search and it’s entirely reasonable to expect copycat attacks this side of the Atlantic.
Technology of course should be supplemented with continuous user education and awareness training with up to the minute examples of the latest BEC messages. Localised content is important as this example shows, attacks are different in different geographies / regions. Policies and procedures should include out of band checks (i.e. over the phone or another medium other than email) to confirm with suppliers and partners, as well as internally, before changing bank account or other payment details.