One of the essential duties we perform here at komando.com is to warn you about all of the latest scams. Whether it's a massive data breach or a nasty case of ransomware, you can always count on us to keep you informed.
You never know when or where these cybercriminals are going to strike. To our surprise, we recently discovered a scammer targeting some employees right here at komando.com.
The scammer, pretending to be the company's CEO, Barry Young, sent emails to employees at the Kim Komando show. The fraudster asked recipients to send money through a wire transfer. This is known as spear phishing.
What makes spear phishing frightening
These types of attacks are scarier than a traditional phishing attack. That's because the scammer puts extra effort into gathering information about those they're trying to rip off.
In this case, the cybercriminal took the time to find out who our CEO is and also who to contact for payments. The emails are very sophisticated and are meant to trick you into thinking it's a legitimate request for the company. Luckily, we have a great IT department and they were able to see right through it.
This could also be classified as a Business Email Compromise (BEC) scam. These scams have been on the rise of late.
Basically, a BEC scammer attempts to trick employees into sending money transfers by impersonating executive email accounts. These attacks are initiated through social engineering tricks, email spoofing or malware, and they target upper management executives, accounting and HR departments. The emails appear to be legitimate, so it's easy for people to get taken.
Avoiding a BEC attack
Here are a few ways to avoid becoming a victim of a BEC attack:
- Be vigilant with email communication. Check email addresses carefully, especially those coming from executives asking for financial transactions. A missing character on the address could spell the difference between safety and compromise. Take our phishing IQ test to see if you can spot a fake email.
- Consider using two-factor authentication for money transfers and corporate email accounts. Use known phone numbers for verification and avoid displaying these phone numbers in email correspondence.
- Curate your social media feeds and avoid posting vital corporate workflow details.
- Be wary of email links and attachments. Scrutinize the link address before clicking and do not open attachments from email accounts that are not trusted.
- Regularly scan and protect your computer from malware, keyloggers and rootkits with trusted virus protection.
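The address check in the first tip can be automated by a mail filter. The Python below is an added example, not code from komando.com: it flags a sender domain that is one or two characters off the company's domain, an executive's display name arriving from an outside domain, and (going a step beyond the tip) a Reply-To address that differs from the sender. The domain `example-corp.test`, the finding labels and the sample messages are assumptions made up for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "example-corp.test"   # assumed company domain (placeholder)
EXECUTIVE_NAMES = {"barry young"}      # display names that warrant extra scrutiny

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value) -> str:
    """Return the lower-cased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def check_message(raw: str) -> list[str]:
    """Return the reasons a message deserves verification by a known phone number."""
    msg = message_from_string(raw)
    name, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    findings = []
    if from_dom != TRUSTED_DOMAIN:
        # A near miss (e.g. one missing character) is more suspicious than a stranger.
        if edit_distance(from_dom, TRUSTED_DOMAIN) <= 2:
            findings.append("lookalike-domain")
        if name.strip().lower() in EXECUTIVE_NAMES:
            findings.append("executive-name-from-external-domain")
    # Replies silently routed to another domain are common with spoofed senders.
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-differs-from-sender")
    return findings

# Constructed sample messages (not real mail).
GENUINE = "From: Barry Young <barry@example-corp.test>\nSubject: Q3 numbers\n\nSee attached."
MISSING_CHAR = "From: Barry Young <barry@exmple-corp.test>\nSubject: Wire today\n\nPlease send."
REDIRECTED = ("From: Barry Young <barry@example-corp.test>\n"
              "Reply-To: barry.young@mailbox.test\nSubject: Wire today\n\nPlease send.")

if __name__ == "__main__":
    for label, raw in [("genuine", GENUINE), ("missing char", MISSING_CHAR),
                       ("redirected", REDIRECTED)]:
        print(label, check_message(raw))
```

A flagged message is a prompt to verify the request through a known phone number, not proof of fraud; a clean result does not rule out a compromised genuine account.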
If you are a BEC victim, the FBI recommends that you contact your financial institution immediately so they can track and coordinate where the transfer was sent. Next, contact the FBI to report the crime and file a complaint with the Internet Crime Complaint Center (www.IC3.gov).