Dear colleagues,

As we settle into the beginning of the year, ITS would like to take the opportunity to discuss two scams that are currently prevalent: CEO fraud/ Business email compromise, and Coronavirus relief.

CEO Fraud/ Business Email Compromise (BEC)

CEO fraud is a particularly sophisticated form of BEC where a threat actor poses as an executive or upper-level manager and requests an urgent payment from an employee, typically from financials or human resources.

About two-thirds of all breaches are related to email and user account compromise (2020 Verizon Data Breach Investigations Report). Of those breaches, BEC attacks are among the more costly of financial risks. For example, BEC scams were responsible for $26 billion in losses between June 2016 and July 2019.

Similar to common phishing indicators, there are a few ways to identify and protect yourself against BEC attacks.

• Most CEO fraud emails use variations of legitimate email addresses and may even include a logo and/ or signature. Since these accounts are external to LBCC, all such emails include the following warning:
  
  CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
   
• Ensure the email address and the sender’s name match, especially when using a mobile phone or device.
• Hover over links before you click on them to ensure their validity. If the URL of the link doesn’t match the known/ expected destination, do not click on it.
• Beware of time-sensitive or last-minute requests and changes. Pressure tactics are a hallmark of phishing attacks.
• If a call, email, or text seems suspicious, use known contact information and resources to verify the request. Do not reply directly back to the email or use the given phone number.

Coronavirus Relief Funding Scam

Threat actors are now posing as government agencies and officials under the guise of Coronavirus relief funding in an effort to steal money.

The Federal Trade Commission (FTC) is warning of a new scam that appears to come from Joe Simmons, Chairman of the FTC. The scam states that you are due relief money, and may contain a fake FTC certificate. Do not respond. If you do reply, the sender will state that you need to pre-pay taxes, and may include a fake letter from the IRS to help add to its legitimacy.

Like the BEC tips above, there are a few things you can do to identify and protect yourself against this scam and others like it.

• Government agencies do not call, email, or text threats/ demands for money.
• Caller ID can be spoofed, so do not trust it. Perpetrators often use the names of real government agencies when vishing (voice phishing).
• If someone asks you to pay using gift cards or wire transfers, it is a scam and you will lose that money.
• If a call, email, or text seems suspicious, use known contact information and resources to verify the request. Do not reply directly back to the email or use the given phone number.

Have You Been the Victim of a Scam?

If you believe you have been the victim of a scam, you are urged to consider the following actions:

• Report the incident to your local police and file online reports at the Federal Trade Commission’s Report Fraud page and the FBI’s Internet Crime Complaint Center (IC3) page.
• Watch for unexpected or unexplained charges to your account. If any appear, contact your financial institution immediately and close any accounts that may have been compromised. See CISA’s Preventing and Responding to Identity Theft Tip for more information.
• Immediately change any passwords you might have given out. Avoid reusing passwords. See Password & Passphrase Best Practices for more information.

If you have any questions regarding this or any previous advisory, please feel free to email the Office of Information Security.