Employers may frown upon employees using personal email to handle business communications, but according to the U.S. Secret Service, business email accounts can be highly vulnerable to cybercrime.
At this week’s XChange 2015 conference in Washington, D.C., Jason B. Brown from the U.S. Secret Service detailed two separate methods hackers use to manipulate business email accounts. The first is that hackers log into emails and watch transactions between suppliers and customers until an opportunity is presented to capitalize on a fiscal exchange.
“The hacker crafts a separate email, uses the same email chain that was utilized before between the two valid transactions, and does essentially a ‘man in the middle’ attack,” Brown explained during keynote address at the conference, hosed by CRN publisher The Channel Company.
The second type of a business email compromise is an even longer con. Essentially, hackers wait for an executive to leave the country, then the hackers impersonate the executive over his or her business email account ordering a financial transaction.
“Before the company actually figures out what’s going on, the money’s gone,” Brown said.
PUBLISHED AUG. 9, 2015