At some point, you’ve probably received an email notifying you that an African prince has passed away and wants to leave you a small fortune. Most know that it’s a scam and ignore it. But what about an official email from your lawyer, relative, or CEO?
This is one of the many ways in which scammers are becoming increasingly sophisticated. In these so-called account takeovers, criminals gain control of an email account and use it to act nefariously within a network.
Once in, they can infect an organisation with ransomware, sell sensitive information on the black market, or intercept multi-million dollar wire transfers, as with tech firm Ubiquiti, which fell victim to a $46m cyberheist in 2015.
In some cases, such as the homeless homebuyer scam, people lose everything.
Research suggests that these types of attacks are on the rise. The FBI found that business email compromise attack losses totalled $675m in 2017. It’s a 300% increase when compared to 2014, and the threat appears to be growing.
A recent ten-month-long operation by cybersecurity company Agari discovered 89 criminal accounts belonging to 12 criminal organisations. They contained 113, 861 unique email messages duping individuals through email scams.
And between April and June 2018, cybersecurity company Barracuda Networks ran a study on 50 randomly selected companies, finding 60 account takeover incidents.
Why are account takeovers on the rise?
According to vice president of email security at Barracuda Networks Asaf Cidon, there are several reasons for the growing threat. One of these is the switch to cloud-based email solutions such as Office 365 and Gmail.
“Once you steal the credentials of someone it’s probably a little bit easier to login to that account if it’s a cloud email account rather than an on-premises server,” Cidon told Verdict.
It is also far less likely for an internal email to be scanned. From the hackers’ point of view, this can be devastatingly effective, particularly if it comes from an executive level.
People have also wised up to the implausible get-rich-quick email scams, forcing scammers to adapt their approach.
“We think there’s a lot of economic pressure on the attackers to basically move to other forms of attack that are not stopped effectively,” said Cidon.
There is also cost to consider: most criminal scammer operations are low-cost, high-volume operations that rely on you failing to properly protect your account, rather than high-tech, brute force encryption breaking algorithms.
Nigerian crime rings
While there is a broad spectrum of scammers taking part in account takeovers, various research shows that many of the attacks originate from Nigeria, the birthplace of the ‘Nigerian 419’ inheritance scam.
Agari’s investigation found that while most cybersecurity news focuses on the threat from Russia or North Korea, “American businesses and individuals are far more likely to be targeted by Nigerian scam artists.”
Between 2016 and 2018, Nigerian scam artists monitored by Agari ramped up their business email compromise attacks and a Europool report recently warned against the growing threat of social engineering attacks originating from West Africa.
“Some of these attacks we absolutely know that they originate from Nigeria, we see that they are coming from Nigerian IPs,” said Cidon. “So some of these attacks are absolutely organised where there’s a big specific company getting targeted.
While it is difficult to bring the criminals to justice, the FBI arrested 74 scammers in July across the world as part of a six-month operation – 29 of those were based in Nigeria.
“I suspect that it’s a drop in the bucket,” said Cidon, estimating that as many as 90% of scam artists don’t get caught.
A strong password and multi-factor authentication can help defend against account takeovers, as can cybersecurity training for employees.
Artificial intelligence is also increasingly being used by cybersecurity companies. Algorithms can monitor communication patterns and identify abnormal behaviours. With machine learning, AI can trawl through oceans of data and learn to recognise new patterns, making it harder still for that Nigerian Prince to bequeath his inheritance.
To find out more about account takeovers, read ‘Account Takeover: The Devastating Successor to Phishing Attacks‘ on our sister publication Verdict Encrypt.
Verdict deals analysis methodology
This analysis considers only announced and completed artificial intelligence deals from the GlobalData financial deals database and excludes all terminated and rumoured deals. Country and industry are defined according to the headquarters and dominant industry of the target firm. The term ‘acquisition’ refers to both completed deals and those in the bidding stage.
GlobalData tracks real-time data concerning all merger and acquisition, private equity/venture capital and asset transaction activity around the world from thousands of company websites and other reliable sources.
More in-depth reports and analysis on all reported deals are available for subscribers to GlobalData’s deals database.