Cybercriminals are malicious – but they’re also innovators. They are always finding new ways to target organizations. Earlier this year, the FBI reported on an increase in email account compromise (EAC) / business email compromise (BEC) attacks. They also detailed an emerging BEC scam format: fake virtual meetings with voice deepfakes.
Social engineering leads to these BEC and EAC attacks. By detecting these fake links in business communication apps and email channels, you can avoid BEC attacks like this, effectively reducing risk much earlier.
Read on to find out how this new attack vector worked – and how machine learning-powered Natural Language Understanding (NLU) tools can provide an essential layer of protection.
A New Way to Scam
In a February 2022 public service announcement from the Internet Crime Complaint Center (IC3) of the FBI, the bureau reported that it has received escalating reports of BEC and EAC attacks that utilize virtual meeting platforms from 2019 up to the present.
How do these call-based attacks happen?
Typically, the criminal has compromised an email account from the target company, and poses as an executive, often the CFO or CEO. Using voice deepfake technologies, the attacker then instructs individuals on the call to perform activities like unauthorized fund transfers or sensitive information pullout, and tells them to send the funds or data to fraudulent accounts. They facilitate transfers either through the virtual meeting platform’s chat functionality or through a follow-up email after the call.
Other techniques used, according to the report, are:
- Leveraging compromised employee emails to snoop on workplace meetings through video conferencing platforms, and collect information on the day-to-day operations of the target business.
- Leveraging the compromised employer’s email to send spoofed emails requesting a fund transfer to be made on their behalf, claiming that the CEO is “currently stuck in a virtual meeting” and is not able to initiate the fund transfer through their device.
When Technology Turns Bad
Part of the reason for the proliferation of these new BEC + virtual meeting attacks, the report points out, is the remote/hybrid working setup that companies have adopted ever since the COVID-19 pandemic broke out.
When employees and employers alike were all forced to close down their offices and work from their homes, tools like Zoom and Microsoft Teams enabled continuous communication with their video conferencing capabilities. Both became widely adopted, which resulted in 191,000 enterprise customers for Zoom, as of February 2022.
And now, criminals are using voice deepfakes to leverage these virtual meeting tools for nefarious purposes.
The dangers of deepfakes are not lost on others. Eric Milam, Blackberry’s VP of Research and Intelligence, shared his insight on the problems that deepfake technologies bring.
"You're already hearing about people using voice to steal money from banks and authenticate themselves," said Milam, referencing the $35M money heist that involved a company director’s voice deepfake in 2021. He adds:
"Deepfakes are like CGI. We've had it for years; it's only going to get better and now we have the power in our cell phones to do it.”
Protecting Your Enterprise from BEC + Virtual Meeting Attacks
- Confirm the use of outside virtual meeting platforms not normally utilized in your internal office setting. Use of unsanctioned apps can lead to compliance issues, which can blow up into massive fines, more susceptibility to threats, and brand damage.
- Monitor communication channels like Slack, Teams, LinkedIn etc. to understand the context and intent of all messages. Leverage NLU-powered solutions to get a deeper understanding of communication-based risks.
- Use secondary channels or two-factor authentication to verify requests for changes in account information.
- Ensure the URL in emails and other communication channels is associated with the business/individual it claims to be from.
- Be alert to hyperlinks that may contain misspellings of the actual domain name.
- Refrain from supplying login credentials or PII of any sort via email. Be aware that many emails requesting your personal information may appear to be legitimate.
- Verify the email address used to send emails, especially when using a mobile or handheld device, by ensuring the sender's address appears to match who it is coming from.
- Ensure the settings in employees' computers are enabled to allow full email extensions to be viewed.
- Monitor your personal financial accounts on a regular basis for irregularities, such as missing deposits.
Natural Language Understanding: A Critical Layer of Protection
In addition, a cybersecurity solution that leverages Natural Language Understanding (NLU) with the help of machine learning is essential.
NLU is a more sophisticated subset of Natural Language Processing (NLP), in the sense that it involves pulling not just the literal meaning of a line of text or a recording, but its context and intent, as well. Basically, NLP processes the individual words in a particular sentence, while NLU understands what the sentence implies in its entirety.
With machine learning-powered NLU, different BEC attacks can be identified through scanning for and detecting the initial social engineering attack that leads to the fake meeting – whether it was sent over via email or other communication platforms. BEC attacks often have common patterns, like the constant sense of urgency or discussion around payment or credentials, and natural language understanding can hone in on those qualities to catch social engineering context and intent.
Such a robust solution will be able to recognize these patterns from various samples of BEC and EAC attacks and use them to analyze and pinpoint similar BEC scam formats.
Find out more about how NLU can help stop BEC and other social engineering tactics through this blog.
If you are interested in learning more about the SafeGuard Cyber solution, you can take a quick 5-minute tour.