Check Point Harmony: A Shield Against Email-Based Financial Fraud


Recently, Hindustan Aeronautics Limited (HAL), India’s leading defense PSU, suffered a financial loss of ₹55 lakh after cybercriminals tricked the company into making payments to a fraudulent bank account. The incident highlights the rise of Business Email Compromise (BEC) scams, in which attackers exploit email-based vulnerabilities for financial gain. HAL procures fighter jet parts from multiple global vendors. The attackers impersonated one such vendor, using deceptive emails to convince HAL’s finance team to transfer funds to an unauthorized account. The case is a reminder that even the most secure organizations are vulnerable to cyber threats.

Check Point Harmony’s AI can help protect you from the dangers illustrated by this BEC case!

How Do BEC Attacks Work?

Cybercriminals employ various tactics to execute BEC scams, such as:

  • Email Spoofing: The attacker forges an email address to make it appear as if it’s from a legitimate and known source.
  • Domain Impersonation: A fake domain resembling an authentic one (e.g., “hal-india.co” instead of “hal-india.com”) is used to trick recipients.
  • Credential Theft: Hackers gain access to an email account and send fraudulent emails from a genuine company address.
  • Fake Invoice Scams: Attackers send a payment request that looks identical to a legitimate invoice but redirects funds to a fraudulent account.

Why Are BEC Attacks So Hard to Detect?

  • Employees tend to trust emails appearing to be from known contacts.
  • Since no malicious attachments or links are involved, traditional anti-virus software often fails to flag them.
  • Attackers research their targets thoroughly, making their requests appear legitimate.
  • Fraudsters keep refining their methods to stay ahead of detection tools.

How Check Point Harmony Can Prevent Email-Based Financial Fraud

  • Domain Impersonation Detection: The email is sent from hal-india.co instead of hal-india.com. AI identifies slight variations in domain names used for spoofing.
  • Behavior Detection: AI compares the sender’s previous communication style, phrasing, and email patterns. If the sender has never sent such requests before, the email is flagged.
  • Contextual Analysis: The AI scans for words like “urgent,” “updated bank details,” “pending payment”, and “avoid shipment delays,” which are common in BEC scams.
  • Banking Detail Mismatch: AI cross-checks previous payment records and detects inconsistency in bank details. If no prior payment was made to HAL Aerospace Pvt. Ltd., the email is flagged as suspicious.
  • Reply-To Address Mismatch: AI detects if the reply-to address differs from the sender’s domain.
  • User Behavior Analytics: If the finance team has never interacted with this sender before, an alert is triggered for verification.
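
Three of the checks listed above (domain impersonation, reply-to mismatch, and contextual phrases) can be sketched as simple header and text rules. This is an added example, not Check Point Harmony's implementation; the allow-list, the edit-distance threshold of 2, and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

KNOWN_DOMAINS = {"hal-india.com"}  # assumption: domains the finance team already trusts
BEC_PHRASES = ("urgent", "updated bank details", "pending payment", "avoid shipment delays")

# Constructed sample message (not a real email)
SAMPLE = """\
From: Accounts <accounts@hal-india.co>
Reply-To: payments@example.net
To: finance@example.org
Subject: Urgent: updated bank details

Please settle the pending payment to the new account to avoid shipment delays.
"""

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def bec_signals(raw_message):
    """Return a list of BEC warning signals found in a single-part text email."""
    msg = message_from_string(raw_message)
    sender, reply_to = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    signals = []
    if sender not in KNOWN_DOMAINS:
        for known in sorted(KNOWN_DOMAINS):
            if 0 < edit_distance(sender, known) <= 2:  # near miss of a trusted domain
                signals.append(f"lookalike-domain:{sender}~{known}")
    if reply_to and reply_to != sender:  # replies would leave the sender's domain
        signals.append(f"reply-to-mismatch:{reply_to}")
    text = f"{msg['Subject'] or ''} {msg.get_payload()}".lower()
    hits = [p for p in BEC_PHRASES if p in text]
    if hits:
        signals.append("bec-phrases:" + ",".join(hits))
    return signals

print(bec_signals(SAMPLE))
```

Any one signal alone is weak; a message that trips all three, as the sample does, is the kind that should be held for out-of-band verification before payment.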

Don’t let cybercriminals target your organization. Connect with Logix for proactive email security today!
