Police issue warning to public regarding Business Email Compromise attacks – kingstonpolice.ca

Emergency: 9 1 1
Kingston Police Logo Kingston Police Logo
Kingston Police Cruiser by Lake
Release Date: September 16, 2021
The Kingston Police Fraud Unit is urging local businesses to be aware of a type of scam that is targeting the business community with increasing frequency: Business Email Compromise (BEC) attacks.
BEC is the use of a spoofed email address or a compromised email account to convince an individual or a business to send funds from their account to one owned or controlled by a cybercriminal. Cybercriminals perpetrating BEC are essentially social engineers who take advantage of a person’s nature to address urgent requests promptly. They also take advantage of most employees’ lack of basic security knowledge when it comes to email (i.e. recognizing a phishing attempt), how to evaluate a suspicious email’s header, or how to identify domain spoofing.
Typically, the criminal targets a business using a phishing attack. The business’ employee receive a seemingly innocuous e-mail inviting the receiver to click on a link. Once the link is clicked, malware is surreptitiously downloaded onto the user’s computer or device, giving the culprit access to their e-mail account.
The criminal then looks for e-mails with invoices sent to or received from other companies. The criminal then sends an e-mail to the subcontractor, either from the actual e-mail account that was compromised; or from an e-mail address crated by the criminal that appears almost identical in appearance to the legitimate e-mail account. Typically they will register an e-mail domain that is the same as the one being impersonated, except that it is off by one character and not easily noticed.
The company that hired the sub-contractor is then advised by the culprit – pretending to be the sub-contractor – that their business has changed their payment information; and a new account number is provided to send an Electronic Fund Transfer to; or a new e-mail address is provided to send an e-transfer to.
In the cases seen by Kingston Police, losses are typically in the range of $10,000 to $70,000. (In the United States BEC has become the costliest type of cybercrime, causing billions of dollars in economic loss.)
From the cases seen so far, once the money is sent to the receiving account it is withdrawn and forwarded in ways that are difficult or impossible to track – such as through Bitcoin or other cryptocurrencies.
Police urge businesses to raise their employee’s awareness of this type of crime – particularly their accounts departments, which are the usual targets of this scam. Employees should be made aware of the following:
Training employees to be aware of these types of scams and of the proper steps to take is essential in preventing significant losses.
Proper cyber-security practices should be strictly adhered to, including strong passwords; the re-setting of passwords on a regular basis; two-step or multi-step authentication processes; and awareness in regards to phishing attempts.

Contact Us

Serving our community since 1841.
Kingston Police Crest logo
© 2019 Kingston Police
Designed by eSolutions
705 Division Street Kingston, ON K7K 4C2, T: 613-549-4660 Hearing Impaired: 613-549-8792
Scroll to the top of the pageTop


Leave a Comment

Your email address will not be published. Required fields are marked *