Over the past few years, we have seen a dramatic increase in ransomware attacks and cybercrime. These nefarious fraud schemes can happen to any individual or business, whether you are globally recognized or maintain a low profile. From 2019 to 2020, ransom attacks increased by over 150 percent.
To learn more about how cyber criminals compromise email accounts to make victims vulnerable to exposing login credentials to their network, click here.
To learn more about steps to take to prevent and respond to attempted security breaches of cyber criminals, click here.
Warning Signs of Business Email Compromises
If you receive an unsolicited email that contains one or more of these warning signs, it could be a scam.
- Urgency of Request: A request to transfer funds is set with a pronounced sense of urgency.
- Different Domains: Email communication originates from an unknown or spoofed domain.
- Out of Contact: Requestor is unreachable, but insists on the urgency of the transfer.
- Language and Grammar: Syntax is different or erroneous.
- Multiple Emails: Multiple recipients receive emails requesting transfer of funds.
- Incorrect Context: Emails requesting a transfer of funds fall outside the context normally encountered or cite alternate business purposes.
- Secrecy: Email requests that information about the transfer be kept secret.
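An added example (not part of the original article): a Python function that checks a raw email for four of the warning signs listed above (different domains, urgency, secrecy, multiple recipients). The keyword lists, the trusted-domain set, the recipient threshold and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses, parseaddr

# Assumed keyword lists; tune them to your organization's mail.
URGENCY = re.compile(r"\b(urgent|immediately|asap|right away|today)\b", re.I)
SECRECY = re.compile(r"\b(confidential|keep this (quiet|secret|between us)|do not (tell|discuss))\b", re.I)
TRANSFER = re.compile(r"\b(wire|transfer|payment|invoice)\b", re.I)

# Constructed sample: lookalike sender domain ("examp1e") and a different Reply-To.
SAMPLE = """\
From: "Pat Lee" <pat.lee@examp1e-corp.test>
Reply-To: pat.lee@mailbox.test
To: ap@example-corp.test
Subject: Urgent wire transfer

I am in meetings and cannot take calls. Send the wire today and keep this confidential.
"""

def domain(addr_header):
    """Lower-cased domain of the first address in a header value ('' if none)."""
    return parseaddr(addr_header or "")[1].rpartition("@")[2].lower()

def bec_warning_signs(raw, trusted_domains, max_recipients=3):
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = f"{msg.get('Subject', '')}\n{body.get_content() if body else ''}"
    signs = []
    sender, reply_to = domain(msg.get("From")), domain(msg.get("Reply-To"))
    # Different Domains: unknown sender domain, or replies routed elsewhere.
    if sender not in trusted_domains or (reply_to and reply_to != sender):
        signs.append("different-domains")
    # The remaining signs only matter when the mail asks for a transfer of funds.
    if TRANSFER.search(text):
        if URGENCY.search(text):
            signs.append("urgency")
        if SECRECY.search(text):
            signs.append("secrecy")
        rcpts = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
        if len(rcpts) > max_recipients:
            signs.append("multiple-recipients")
    return signs

if __name__ == "__main__":
    print(bec_warning_signs(SAMPLE, {"example-corp.test"}))
```

A hit is a reason to verify the request through a known phone number or contact, not proof of fraud; keyword matching will miss reworded messages.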
Actions to take when receiving an email with warning signs of cyber attack
If you are wary that an email sent to you or your organization is a scam, do not respond, click links, or open attachments from that email.
- Contact your bank to reverse the wire.
- Contact local law enforcement to request a report.
- Law enforcement can work with FinCEN to initiate the Financial Fraud Kill Chain.
- File a complaint with the Internet Crime Complaint Center.
- Conduct cybersecurity analysis on your computer systems.
Contacting Law Enforcement
In the event of any cyber attack, it is imperative to contact law enforcement officials as soon as possible. The ability of law enforcement to respond to an attack effectively depends on their ability to access crucial information. The more time that passes between a hacking scheme and the engagement of law enforcement, the lower the likelihood of agents obtaining valuable evidence related to an investigation of a hack.
The following is a list of information that you or your organization would need to provide law enforcement to assist in an investigation:
- Copies of emails suspected to be malicious with headers and attachments.
- Copies of links suspected of causing the breach.
- Names of organizations and individuals outside your organization who were already notified of the incident.
- Timeline of events.
- Significant logs: Firewall, event logs, Active Directory, router.
- Other logs: DNS, web proxy, remote access authentication, DHCP lease, IDS/IPS alerts, antivirus security, VPN, two-factor authentication, SNMP, SIEM.
- Live forensic image of RAM and virtualized RAM on compromised client or server.
- Live image of breached servers.
- Physical and virtual network topology.
- Copy of malware or tools used by suspected offenders.
- Access to real-time IR firm analysis.
- Contact information for your organization’s IR team.
- Contact information for your organization’s external counsel.
- Contact information for the PCI Forensic Investigator you have engaged.
- Visibility of any internal or external communications issued by your organization to your workforce, customers, or the public.
To learn more about what you need to know when contacting law enforcement, click here.
Reporting Cyber Crimes to the Federal Government
The federal government is particularly concerned with cyber incidents as they jeopardize the confidentiality and integrity of available digital information and information systems.
You should report cyber incidents to the federal government if they:
- Result in the loss of significant data, system availability, or control of systems.
- Impact a large number of potential victims.
- Indicate unauthorized access to, or malicious software present on, critical information technology systems.
- Affect critical infrastructure or core government functions.
- Impact national security, economic security, or public health and safety.
To learn more about the role and responsibilities of federal law enforcement agencies in combatting cybercrime, click here.