Sep 27, 2023
What happens when a fraudster seizes control of your email account? What does a cybercrime syndicate look like behind the scenes?
In our “To Catch a Fraudster” webinar series, Tom Cronkright, Executive Chairman at CertifID, spoke with Jordyn Kramer, a Senior E-Crimes Investigator at Yahoo, about the explosive growth of the $50B global business email compromise (BEC) scam.
Yahoo, the largest messaging platform in the world with the most popular email platform, serves nearly 1 billion daily active users. This makes it a top target for fraudsters and a battleground for Yahoo’s E-Crimes team. As global experts in the field, the E-Crimes team sees firsthand the impact of BEC on a business or individual at a massive scale.
Jordyn peeled back the layers of business email compromise and revealed the sophistication behind every attack. Here are the eye-opening takeaways from the webinar.
(Listen to this at 9:10.)
Business email compromise accounts for one-third of the Yahoo E-Crimes team’s cases. The team must actively “hunt” for signs of fraud within the platform to keep up with fraudsters. They use a three-step process to eliminate fraud.
It’s rarely just one fraudster stalking your account. In one example, Jordyn showed how complex a network of fraudsters can be behind a BEC attack.
(Listen to this at 24:28.)
When was the last time you changed your email password?
Jordyn explains that many criminals gain access to accounts by buying, on the dark web, old passwords that were leaked in data breaches. Criminals also use phishing to trick an account owner into giving up their password.
Once a criminal gains access, they sit in the shadows of your inbox and gather critical information about the transaction. Additionally, they’ll often set up auto-forwarding rules to ensure they see every email in and out of your account. They combine this tactic with rules that delete the forwarded email from your “sent” folder and expertly hide their efforts.
Title agencies, law firms, realtors, and other real estate industry professionals are prime targets for business email compromise. Real estate transactions take a long time to complete (up to 45 days on average), and include large transfers of money and many different parties; this makes them a feasting ground for fraudsters. Fraudsters use this time to learn the inner workings of the transaction, discover the names of those involved, and begin their clever social engineering attacks.
Listen in as Jordyn shares how one compromised email account resulted in a loss of $350,000 and revealed an extensive network of fraudulent accounts.
(Listen to this at 46:12.)
Despite their best efforts to conceal their activity, fraudsters leave behind digital “tells” in your inbox. This includes auto-forwarding rules (as mentioned above) and password reset requests. If you see any of the following signs, take action immediately.
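The pairing described above, an auto-forwarding rule plus a rule that clears the “sent” folder, can be checked for mechanically. The following is an added example, not code from the webinar or from Yahoo; the rule schema, the domain names and the sample rules are constructed assumptions, not any provider's export format.

```python
# Added example: audit one mailbox's rules for the forwarding + clean-up pairing.
# The rule schema is hypothetical; adapt the field names to your provider's export.
OWN_DOMAINS = {"example-title.test"}  # constructed: domains the business controls

# Constructed sample rules for a single mailbox.
SAMPLE_RULES = [
    {"name": "Newsletters", "folder": "inbox",
     "actions": [{"type": "move", "target": "Reading"}]},
    {"name": ".", "folder": "inbox",
     "actions": [{"type": "forward", "target": "copy@mail-archive.test"}]},
    {"name": "..", "folder": "sent",
     "actions": [{"type": "delete"}]},
    {"name": "Assistant copy", "folder": "inbox",
     "actions": [{"type": "forward", "target": "assistant@example-title.test"}]},
]

def domain_of(address):
    """Lower-cased domain part of an address ('' if there is none)."""
    return address.rsplit("@", 1)[-1].strip().lower() if "@" in address else ""

def audit_rules(rules, own_domains=OWN_DOMAINS):
    """Return (findings, severity); findings are (rule name, kind, target)."""
    findings = []
    for rule in rules:
        for action in rule.get("actions", []):
            kind = action.get("type")
            target = action.get("target", "")
            if kind in ("forward", "redirect"):
                # Mail copied to an address outside the business's own domains.
                if domain_of(target) not in own_domains:
                    findings.append((rule.get("name", ""), "external-forward", target))
            elif kind == "delete" and rule.get("folder") == "sent":
                # A rule that removes messages from the sent folder hides activity.
                findings.append((rule.get("name", ""), "sent-cleanup", None))
    kinds = {kind for _, kind, _ in findings}
    if {"external-forward", "sent-cleanup"} <= kinds:
        severity = "high"    # both halves of the pairing are present
    elif kinds:
        severity = "review"  # one half only: confirm with the account owner
    else:
        severity = "ok"
    return findings, severity

if __name__ == "__main__":
    found, level = audit_rules(SAMPLE_RULES)
    print(level)
    for item in found:
        print(item)
```

A “review” result still deserves a conversation with the account owner, since a forwarding rule they do not remember creating is itself one of the tells.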
Most importantly, Jordyn recommends setting up multi-factor authentication (MFA) on every account, not just your email account, to keep fraudsters out. This adds another layer of security to your account. So even if your password gets leaked, fraudsters won’t be able to gain access and begin their malicious acts.
This webinar originally premiered on September 13, 2023. Click here to watch a replay.
Will is a Content Marketing Manager at CertifID. His multi-disciplinary experience as a copywriter and designer has powered growth for numerous consumer, tech, and real estate companies from the startup to enterprise level.