Email Compromise Scheme

APCO has identified a cyber compromise scheme that could have an impact on our organization.  This method has been attempted on prior occasions and has become active yet again this week.  Due to the repetitive nature of this event, we believe it is important that APCO members refresh their awareness of this type of cyberattack.

The following message from the DHS Cybersecurity and Infrastructure Security Agency (CISA) gives a high level description of this method:

“Business email compromise (BEC) is a scheme in which cybercriminals send out targeted email messages to personnel with finance or resource roles within an organization in order to trick them into transferring funds to the cybercriminals.

Frequently, the BEC emails are made to look like they are from senior executives within an organization or trusted vendors to increase the urgency for victim individuals.”

We encourage all of you to understand the unique BEC threat and to learn to recognize BEC scams. This is especially important for anyone with the ability to facilitate financial transactions or that handle sensitive personal or financial information. In most cases, while the name of the sender may appear to be an APCO Elected Official, Executive, or Director, or a senior level contact at a vendor, the Email address associated with that sender will not be a legitimate Email address for that person. In many cases, “hovering” (placing your cursor over the email address, but NOT clicking on it) on the email senders name will allow you to see that the return address is not legitimate. However, in some cases, we have seen email accounts that have been compromised, so it is important to remember, DO NOT CLICK ON LINKS in any suspicious email, or in any email asking you to provide personal information, or assist in any kind of financial transaction. 

The human element plays the most significant role in BEC, and the primary prevention starts with all of us. If you receive a suspicious Email requesting financial or sensitive information or action that appears to come from an APCO Elected Official, Executive, Director, or vendor contact you have done business with, you should not reply directly to the email. In most cases you can simply delete the email, without clicking on any links or responding in any way. If you have any doubts,  you should contact the person identified as the sender directly (via known, legitimate Email, in person, or via known, legitimate phone number) to determine if the request is legitimate. This two-step verification process of following up with the requesting individual directly will mitigate most of the BEC campaigns from being successful.

If you have any questions or need any additional assistance with regard to this issue please do not hesitate to reach out via your elected leadership, or to APCO staff at Cybersecurity@apcointl.org. Thank you for your continued vigilance and ongoing efforts to keep our organization safe and secure.