Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySecurity NewswireCybersecurity News

FBI Anticipates Rise in Business Email Compromise Schemes Related to the COVID-19 Pandemic

Strong Cybersecurity: The Critical Role of Lifecycle Management - Security Magazine
April 8, 2020

Fraudsters will take advantage of any opportunity to steal your money, personal information, or both. Right now, they are using the uncertainty surrounding the COVID-19 pandemic to further their efforts, warns the FBI. 

According to the FBI, recently, there has been an increase in business email compromise (BEC) frauds, a scam that target anyone who performs legitimate funds transfers. These BEC frauds are targeting municipalities purchasing personal protective equipment or other supplies needed in the fight against COVID-19.

The FBI notes some recent examples of BEC attempts, including:

  • A financial institution received an email allegedly from the CEO of a company, who had previously scheduled a transfer, requesting that the transfer date be moved up and the recipient account be changed “due to the Coronavirus outbreak and quarantine processes and precautions.” The email address used by the fraudsters was almost identical to the CEO’s actual email address with only one letter changed.
  • A bank customer was emailed by someone claiming to be one of the customer’s clients in China. The client requested that all invoice payments be changed to a different bank because their regular bank accounts were inaccessible due to “Corona Virus audits.” The victim sent several wires to the new bank account for a significant loss before discovering the fraud.

“As the workforce moves from the office to their homes, hackers are mobilizing; they know this is a golden opportunity to strike as companies struggle to contain their expanded attack surface. Organizations must be on high alert for any sort of phishing or social engineering-style attack as hackers are attempting to exploit the weakest link of any security program, the humans," says Arun Kothanath, Chief Security Strategist at Clango. 

Terence Jackson, Chief Information Security Officer at Thycotic, says, "Since PPE’s are in short supply and states are in bidding wars to obtain them, this has presented an opportunity for hackers to target municipalities with emails of promises and false hopes while delivering malicious payloads. They are playing on the desperation of municipalities to obtain these life-saving items. During these difficult times, we have to be even more vigilant with investigating emails and verifying their legitimacy before making any type of online purchases, wire transfers, etc."

"One way for organizations to prevent their employees from falling victim to these scams is to ensure that they cannot execute the attackers’ requests," says Kothanath. "Roles and policies govern an identity’s privileges and entitlements throughout an organization. If the roles and policies in place are driven by best practices, rules will exist to prevent identities from acquiring toxic combinations of privileges – such as a low-level accountant being able to modify a payment’s transfer date and recipient and then immediately distributing the payment."

"Humans are the weakest link in any security program," adds Kothanath, "but organizations can protect themselves by implementing an identity management program with roles and policies driven by best practices.”

Mark Chaplin, Principal at the Information Security Forum, notes that “BEC attacks and similar threat scenarios need to be clearly understood before protective measures are implemented. This will ensure protection reflects the nature and scale of the risk to the organization and is balanced, comprehensive and effective."

Moving forward, Chaplin recommends that organizations move away from blaming the individual as the cause of the problem and "adopt an approach that is more focused on protecting employees from BEC-related emails and making them part of the solution. Additionally, quantify the effectiveness of each security measure deployed to protect against BEC-related attacks and use this information to inform broader risk management activities and decisions."

"Finally, provide balanced protection, combining technical security controls with the establishment of a security-positive culture. Empower employees to complement protection against BEC and similar attacks," Chaplin says.

In addition, to protect yourself from this fraud, the FBI advises to be on the lookout for the following red flags:

  • Unexplained urgency
  • Last minute changes in wire instructions or recipient account information
  • Last minute changes in established communication platforms or email account addresses
  • Communications only in email and refusal to communicate via telephone or online voice or video platforms
  • Requests for advanced payment of services when not previously required
  • Requests from employees to change direct deposit information

The FBI also recommends the following tips to help protect yourself and assets:

  • Be skeptical of last minute changes in wiring instructions or recipient account information.
  • Verify any changes and Information via the contact on file—do not contact the vendor through the number provided in the email.
  • Ensure the URL in emails is associated with the business it claims to be from.
  • Be alert to hyperlinks that may contain misspellings of the actual domain name.
  • Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender’s email address appears to match who it is coming from.
KEYWORDS: business email compromise (BEC) coronavirus COVID-19 cyber security cybersecurity

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Enterprise Services
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Technologies & Solutions
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Person working on laptop

Governance in the Age of Citizen Developers and AI

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • email-freepik1170x658v7.jpg

    FBI disrupts $51 million business email compromise schemes

    See More
  • cyber remote work

    Business email compromise during a pandemic: Why cyber insurance is more urgent than ever

    See More
  • Americans not worried about data privacy and security despite significant rise in COVID-related cyber attacks

    People are less concerned with their cyber safety despite significant rise in COVID-19 related attacks

    See More

Related Products

See More Products
  • databasehacker

    The Database Hacker's Handboo

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing