Introduction
You may have heard about Business Email Compromise (BEC) scams before, which are a type of phishing threat meant to trick you into giving up private company information by posing as a professional associate. In other words, someone pretending to be your supervisor asks for an end-of-day report. These scams have long posed a risk to organizations of all sizes. Recently, though, the FBI released a warning that cybercriminals are engaging more and more often in what’s known as Business Identity Compromise.
Business Identity Compromise, or BIC, is a cyber-scam that steals the identifying information of a company, usually a smaller business but not exclusively, to defraud the organization and the people inside it.
Types of BIC
Over the past several years, and especially after the onset of the pandemic, these BIC scams have reached record highs according to the National Cybersecurity Society. More people working remote at least some of the time means more virtual meetings with your coworkers, which has added a new avenue for cyber-threats in many companies that weren’t virtual at all, before.
So you might be a target for hackers to break into the local network; that’s been true for as long as WiFi existed, and the reason to closely guard your work accounts. However, employees can also be affected in data breaches of the company as surely as its shareholders. Not only does your employer have private data on you, like your Social Security number and bank information, but they have also assigned you an employment identification number (EIN) which can be stolen too. That would equal a lot of one-on-one time with the IRS to sort out your stolen identity!
How BIC Scammers Trick You
The question thus becomes: How do cybercriminals launch BIC attacks, and what can we do to protect ourselves?
Within that recent warning about the rise in BIC attacks, the FBI also noted that deepfaking is a common strategy for cybercriminals. This has been made possible by the advancements in AI created over the past decade, and as a result, they’ve made social engineering attacks even more captivating and, hence, dangerous.
Do you remember how novel it was when Facebook started suggesting who to tag in your photos? Since then, technology has come a remarkably long way. Now, it can generate a person’s face for pictures and even include a digital recreation of their voice, on video calls. AI can now learn enough about your voice and image to recreate it. This is called deepfaking.
How does this work in real life? Say someone had the means and motive to pretend they were your boss on a video call, or a potential investor at a virtual conference. You’d be much more likely to spill the company’s, and even your own, confidential information without thinking twice!
Protecting Yourself from Deepfakes
Avoid becoming a victim of BIC scams with many of the same tactics that you use to stave off any other social engineering attack. Deepfakes can sometimes be identified by blurry or pixelated edges around the person onscreen, as well as unusual requests or if they seem to be fishing (pun intended) for information that seems out of their security clearance.
While plenty of people keep photos of themselves online, beware how often you use your voice on camera and the security of the sites where you post those videos. An influencer with 2M Instagram followers and a daily vlog would be a lot easier to deepfake than a person with their profile set to private who only accepts known friends.
Password protect your virtual meetings to ensure only those invited can actually join. If you get any unusual requests for money or information, even if the person appears to be speaking directly with you on videochat, it never hurts to take a few seconds to verify through the proper, secure channels that the request was genuine.
Conclusion
Cybercriminals are constantly adapting their devious ways to trick us into handing over our credentials and private information. Don’t put your company’s or your own data at risk! Learn how to recognize deepfakes to help protect your systems from Business Identity Compromise, and any other threat that might approach.
Digital criminals don’t take a break, and your security awareness shouldn’t either. Follow our blog for more tips on staying cybersecure!
References