Over the past two weeks, a number of Business Email Compromise scams have targeted 17 U.S., 10 U.K. and eight Canadian healthcare organizations, according to a blog post from IT security company Trend Micro.
One type of BEC scam involves CEO fraud. By impersonating the organization CEO's email account, the scammer cons employees into transferring company funds into a classified bank account. On average, each employee transferred a total of $140,000 to the cybercriminal, according to Trend Micro.
Trend Micro outlined two primary techniques involved in BEC scams.
- Altered "From" field. In this type of scam, the cybercriminal changes the "From" field in an email to make it appear as though the email came from the CEO. However, the "Reply To" field contains the scammer's email address.
- Copycat domain names. The cybercriminal uses domain name that's very similar to the healthcare organization's. Oftentimes, only one character in the domain is changed. The subject line of the email contains phrases such as "extremely urgent" or "due payment."