NetFort Advertising

How to monitor for BEC Scams: Common Subject Lines

13 September 2017 NetFort Blog By: Aisling Brennan
BEC Scams

BEC Scams

Business Email Compromise (BEC) is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The spear phishing campaign is carried out by compromising legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.

BEC scam example

Google and Facebook both fell victim to a BEC scam that swindled $100 from the two tech firms. Read more here.

According to Symantec’s 2017 Internet Security Threat Report, “Request” was the most popular keyword used in subject lines for BEC scam emails; followed by “Payment” (15%) and “Urgent” (10%).

BEC scam subject lines

A number of NetFort’s customers are finding the LANGuardian SMTP Email Decoder pretty useful for detecting BEC spammers, as it allows you to search by subject, along with more detailed information such as sender, recipient, attachment name, mime type, attachment description, timestamps and the IP address of sender and recipient.

Checking for specific Email subject lines

Emails by Subject

The steps to create this report are as follows:

1. Click on All Reports in the LANGuardian menu bar. In the Inventory section, click on E-mail.
2. In the E-mail section, click on Emails by Subject.
3. Enter the subject lines transfer|payment|urgent and matches regexp selected in the Subject field. Click Run Report.
4. When LANGuardian displays the report, click Actions on the report menu bar and select Save As. Enter a name and description for the report, then click Save. The new report will be listed in the My Reports section.
5. In this post, we look at setting up an alert when certain traffic is found on the network. You can apply the same principles to this situation.

According to the FBI’s Internet Crime Complaint Center (IC3), “the BEC scam continues to grow, evolve, and target businesses of all sizes”. Read more here

The key takeaway here is to carefully scrutinize all emails. Be wary of irregular emails sent from C-Suite Executives, as they are used to trick employees into acting with urgency. Carefully review and verify fund transfer requests.