Scammers have a clever new trick to steal money: Video chats

February 18, 2022

By Kim Komando

Business email compromise (BEC) is one of the leading causes of company fraud, and it’s only growing. These are phishing emails where scammers pretend to be someone who works in your company to steal important information or rip you off financially. Tap or click here for ways to spot fake business emails.

Criminals are now changing tactics to include more than just emails. They are now going after video conferencing software and apps. And with a lot of people working from home, it won’t be strange to receive an invitation to a virtual meeting.

Read on to see how scammers steal money by impersonating company executives while in a video call.

Here’s the backstory

The most common method for BEC is to breach and hijack the email address of a company executive. Once the address is in the wrong hands, criminals can pretend to be that individual and instruct lower-ranking workers to do their bidding.

It would usually take some time for the company to realize something is wrong, but most have trained staff to look for scams. That means criminals had to switch tactics, and a video call invite might not raise suspicions.

The FBI’s IC3 has seen increased virtual meetings being used as a vehicle to steal funds and information. Here are a few ways the FBI says BEC virtual meeting scams are being carried out:

Those are just a few examples of scams making the rounds. There are more elaborate schemes circulating that involve Microsoft Teams.

Another concerning trend in virtual meeting software is criminals posing as co-workers to spread malicious files. Avanan warns that Microsoft Teams meetings can fall victim to hijacking, with criminals leaving malware in chat messages.

“The file writes data to the Windows registry, installs DLL files and creates shortcut links that allow the program to self-administer,” Avanan explains in a blog post.

How to avoid BEC scams

When you receive a meeting invitation to a platform you or your company doesn’t usually use, you need to be careful. Criminals might not know which program you prefer and send requests to the most popular ones.

The FBI gave the following suggestions to stay protected:

If you think you are the victim of fraud, immediately contact your financial institution to request a recall of funds. Regardless of the amount lost, file a complaint with www.ic3.gov or, for BEC/EAC victims, BEC.ic3.gov, as soon as possible.

Keep reading

Big updates coming to Zoom, Google Meet and Teams

Zoom could secretly be recording your audio – Update your computer now

https://www.komando.com/news/bec-video-scams/