National ISACs, FBI, USSS and Symantec Collaborate to Fight Business Email Compromise
BEC is a sophisticated scam using email and/or other electronic communication to impersonate a business executive, employee, or other person with authority to request payments or access to employee payroll and W2 information on behalf of their company or organization.
To help educate businesses and individuals on ways to combat BEC, the USSS, FBI and Symantec are joining forces with the following ISACs to offer free workshops around the country:
- Multi-State Information Sharing and Analysis Center (MS-ISAC)
- National Health Information Sharing and Analysis Center (NH-ISAC)
- Research and Education Network (REN-ISAC)
- Retail Cyber Intelligence Sharing Center (R-CISC)
Business leaders are invited to join these workshops to learn about BEC, a very real & proliferating cybersecurity threat. Cybersecurity experts from the USSS, FBI and private sector will be sharing their experiences & expertise around BEC, how BEC can impact companies and how to protect against becoming the next victim.
Each half-day workshop will include discussion around topics including:
- Describing the Business Email Compromise (BEC) threat
- The current threat landscape
- Tactics, techniques & procedures used by the criminals
- Why situational awareness & information sharing are important
- Offer strategies to help protect your organization from BEC attacks
“The Business Email Compromise (BEC) has become an increasingly sophisticated scam targeting businesses that regularly perform wire transfer payments. The Secret Service is committed to working with our public and private partners to educate the business community while seeking new and innovative ways to combat this emerging cyber threat,” said Robert Novy, Deputy Assistant Director for Cyber at The United States Secret Service.
“Investigating Business Email Compromise (BEC) scams is a top priority for the FBI. This year, the FBI’s Internet Crime Complaint Center, began tracking these scams as a single crime type, illustrating the significance of the threat. It is crucial that all businesses and individuals who feel they have been the victim of BEC file a complaint with www.ic3.gov. Rapid notification allows the FBI to quickly deploy FBI resources to provide assistance and conduct law enforcement actions as appropriate,” said Scott Smith, Assistant Director, Cyber Division at The Federal Bureau of Investigation.
“The R-CISC community is working together to share information and intelligence on Business Email Compromise (BEC) threats, improving our collective knowledge and response. These workshops are a great resource for business and government employees to learn not only about these threats but the resources available to them,” said Suzie Squier, Executive Director of the R-CISC.
“Business Email Compromise attacks (BEC) are the latest sophisticated email threats targeting organizations of all sizes, our research from the 2017 Symantec Internet Security Threat Report shows they target more than 400 businesses a day. Symantec provides comprehensive protection from BEC scams and is working with security experts around the world to identify and protect against these dangerous attacks by sharing insights from threat research and best practices,” said Jane Wong, Vice President of Product Management and Engineering, Messaging Security at Symantec.
“We received tremendous positive feedback from last year’s Ransomware Roadshow workshops. NH-ISAC is pleased to be partnering again with FBI and the Secret Service as well as its sister ISACs and Symantec to bring valuable information to the public on the Business Email Compromise threat,” said Denise Anderson, President of NH-ISAC and Chair National Council of ISACs.
“Business Email Compromise (BEC) activity is a growing problem facing the SLTT community. It emphasizes the need for good cyber hygiene practices at all levels of government,” said Thomas Duffy, Chair of Multi-State ISAC.
“Protection against the growing threat of business email compromise includes the need for aware and savvy users. These workshops will help professionals who are targeted by attackers make smarter choices to prevent financial fraud,” said Kim Milford, Executive Director at Research and Education Network (REN-ISAC).
Workshops will be conducted in the following cities: Kansas City, MO; Nashville, TN; Boston, MA; Seattle, WA; Denver, CO; Dallas, TX; Phoenix, AZ; San Francisco, CA; Los Angeles, CA; Kennedy Space Center, FL; New York, NY; Akron, OH.
About the Retail Cyber Intelligence Sharing Center (R-CISC)
The R-CISC is the trusted cybersecurity community for retailers, consumer products, grocers, hotels, gaming, restaurants, and cybersecurity industry partners worldwide. The R-CISC supports its member base, representing over $1 Trillion in annual revenue, by serving as the conduit for collaboration, threat and best practice sharing, and cooperation. Through building and sustaining valuable programs, partnerships, products and opportunities, the R-CISC enables its members to grow their trust-based relationships, strategic knowledge and tactical capabilities. For more information on R-CISC membership and benefits visit us at our home page https://r-cisc.org.