Getty Images

FBI: BEC attacks spreading to virtual meetings

Since the start of the COVID-19 pandemic, many workplaces have shifted to virtual meeting platforms, and the FBI warned that threat actors have taken note.

The FBI warned that virtual meetings have become opportunities for threat actors to commit cyber attacks, impersonation and fraud.

Since the start of the COVID-19 pandemic in 2020, workplaces all around the world have shifted to remote collaboration and communication platforms such as Zoom, Microsoft Teams and others. While this shift in how companies and employees operate has brought great convenience, the FBI has noted that it has created a new avenue for business email compromise (BEC) attacks and other forms of cyberfraud.

The increased use of virtual meeting platforms was the focus of an FBI alert Wednesday. Since 2019, the FBI's Internet Crime Complaint Center (IC3) "has received an increase of BEC complaints involving the use of virtual meeting platforms to instruct victims to send unauthorized transfers of funds to fraudulent accounts."

The FBI found that threat actors are accessing these platforms by compromising employee email accounts and then claiming to be a high-ranking member of the company. Once inside a company impersonating a CFO or CEO, for example, the intruders will then attempt to request a financial transaction or transfer of funds through a virtual meeting platform.

The FBI alert described three main ways that cybercriminals will try to fool targets.

In the first strategy, the threat actor would attempt to request a transfer of funds from an employee by directly impersonating a higher-ranking member of the company on a virtual meeting platform. The FBI said that the criminals will often "insert a still picture of the CEO with no audio, or 'deep fake' audio, and claim their video/audio is not properly working. They then proceed to instruct employees to initiate transfers of funds via the virtual meeting platform chat or in a follow-up email."

Eric Milam, the vice president of research and intelligence at BlackBerry, discussed the problem with new technology like deepfakes.

"You're already hearing about people using voice to steal money from banks and authenticate themselves," Milam said. "Deepfakes are like CGI. We've had it for years; it's only going to get better and now we have the power in our cell phones to do it."

The second method outlined in the alert was when the criminals simply logged into a virtual meeting using a compromised email and observed and collected company information. Many of the virtual meeting platforms have options to mute yourself and turn off your camera, so threat actors can be quite inconspicuous.

The third manner that the FBI identified was an indirect use of virtual meetings by cybercriminals where they claim to be in a virtual meeting and unable to transfer funds themselves. The FBI described it as "compromising an employer's email, such as the CEO, and sending spoofed emails to employees instructing them to initiate transfers of funds, as the CEO claims to be occupied in a virtual meeting and unable to initiate a transfer of funds via their own computer."

The FBI was not the only group to identify this virtual work setting as a potential threat to cybersecurity. In its 2022 Threat Report, BlackBerry discussed the threats to company and employee data created by the advancing infrastructure of hybrid workplaces. The report saw the rise in attacks stemming partially from the lack of preparation for this more virtual world.

BlackBerry also noted that the cost of these breaches in a hybrid work setting is greater than a traditional one. Citing an IBM survey, BlackBerry said there was a "$1.07M increase in breach costs (from $3.89 million to $4.96 million) when remote work was a factor," and that it took "58 days longer to identify and contain a breach when 50% or more of employees work remotely."

When it comes to the prevention of these attacks and being safe in this hybrid work environment, both the FBI and BlackBerry said that smarter cyberhygiene is key. Employees should be aware of all emails and links they receive and verify all messages sent to them and people they are dealing with. Companies should also proactively update their security software and patch vulnerabilities as soon as they are found.

Next Steps

Deepfake technology risky but intriguing for enterprises

Dig Deeper on Threats and vulnerabilities

Enterprise Desktop
Cloud Computing