Episode Details
Preventing the Cyber Scams That Costs Businesses Billions
Description
Each year, businesses lose $12-$13 billion to cybercrime. One criminal tool is the Business E-mail Compromise (BEC), aka “The Man in the Middle Attack.” It begins when criminals use information, such as that readily found on social media platforms, to target an employee. The criminal may phone or email the employee, gain their trust, steal their identity, and compromise their email and the business network (including human resources, banking and client accounts), all with the ultimate goal of stealing large sums of money.
In this podcast, Stacy Arruda, a cybersecurity threat specialist, provides insight on how individuals and businesses can better protect themselves against cybercriminals and take steps to prevent criminals from stealing their money or exploiting them in other ways. BECs have seen a 1300% increase since 2015, and, as Arruda says, “it’s no longer a question of 'if,' it’s 'when,' and not just 'when' but when you discover that the bad guys are inside your network.” Businesses have options, and they begin with training employees and reporting problems quickly. A strong corporate culture that trains employees in the proper handling of emails, account security, personal information, and reporting can make a tremendous difference.
Stacy Arruda is a former FBI supervisory special agent with more than 20 years of experience in cybersecurity and counterintelligence. She is the CEO of the ARRUDA Group, a cyber threat consultancy firm, and the Executive Director of the not-for-profit Florida Information Sharing and Analysis Organization (FL-ISAO).
Stacy details how cyber criminals use social media to profile potential victims, building trust to gain access to networks. Anyone can be a target, and cybercriminals do their homework by connecting the dots to gain access to large payouts.
Arruda notes that women, in particular, seem to overshare on social media, posting nearly every aspect of their lives, and that this is a problem. As an educator and speaker, Arruda addresses how women can better safeguard their information, warning that online activity can escalate to physical threats and exploitation.
Children can also be targeted. Predators can use simple techniques to draw information out of children, and they can cross-reference social media to learn about the family. Once a criminal has a real name, they can scroll through a family’s social media profile and readily find things like an email address, place of work, child’s school, and after-school activities. Monitoring a child’s online activity and restricting shared information is important to the entire family’s safety.
The business email compromise (BEC), also known as “The Man in the Middle Attack,” is a cybersecurity scam that is typically short-lived and aimed at stealing information and money. “Once they send that email, and you click on that email, the bad guy has a lot of avenues that they can go down. Once they're sitting on the network, they can steal data, they can introduce ransomware and shut down the network. They can sit on the computers and they can wait for invoices to come in and wait for payments and steal money,” states Arruda.
Well-organized criminals, terrorists and spies use the information that is innocuously shared by us to gain our trust so that they can:
- Target email attacks
- Access compromised emails and files anywhere on the network
- Access human resources
- Access business accounts, such as banking
- Disguise themselves as business representatives
- Disguise themselves as clients
- Authorize wire transfers to accounts all over the world
- Change account routing information in a record or during a transaction
Arruda recommends that companies should have security drills, much like fire drills, to implement a response plan and reinforce the compa