Email Security Risks: Your Corporate Email Isn't as Safe as You Think

By William Turton

The discovery of an alleged international ring of fraudsters started with a one-line email. In April 2019, a company accountant received an email that appeared to be from the chief executive officer.

“Joanna, Can you mail out a check to to a Vendor today? Barbara,” the email said.

The email had some hallmarks of a scam that is becoming increasingly common. But it also had a few unique attributes that intrigued cybersecurity experts at the company’s email security provider, Agari Data Inc. Using a fake email account posing as the company accountant, Agari sent back a reply.

“Hi Barbara, Yes, of course. Please send me the details for the payment and I will take care of it ASAP. Joanna,” the reply said.

Over the next several months, Agari said it was able to unravel what’s known as a business email compromise operation. Agari dubbed the group sending the emails Exaggerated Lion, and said its members were based in Nigeria, Ghana and Kenya. Between April and August 2019, Exaggerated Lion targeted more than 3,000 people at nearly 2,100 companies, all of them in the U.S., according to an Agari report published Thursday.

Similar email attacks are a growing problem in the U.S., according to the latest Federal Bureau of Investigation report, but one that doesn’t get the headlines of state-sponsored hacks or ransomware attacks. Global losses from business email compromises increased 100% from May 2018 to July 2019, according to the FBI, which recorded 166,349 incidents from June 2016 to July 2019 and $26.2 billion in losses during that period.

In one of its simplest forms, a business email compromise operator will send an email posing as the chief executive officer to an accounts payable department with an urgent request to transfer funds or fulfill a fake invoice. In another example, payroll representatives will receive an email appearing to be from an employee requesting to update their direct deposit information — often to a prepaid card account. Companies often realize something is amiss only when it’s too late to recover the transferred funds.
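
A defender-side illustration of the CEO-impersonation pattern described above, added here and not taken from the article or from Agari: it flags an inbound message whose display name matches an executive while the sending address is outside the company domain and the text asks for a payment. The protected domain, executive roster, keyword lists and sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy

# Hypothetical values for this example; none of them come from the article.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"barbara doe"}  # normalized display names of executives
PAYMENT_TERMS = re.compile(
    r"\b(check|wire|invoice|vendor|payment|direct deposit)\b", re.I)
URGENCY_TERMS = re.compile(r"\b(today|urgent|asap|immediately)\b", re.I)

# Constructed sample messages.
SPOOFED = ("From: Barbara Doe <ceo.office@example.net>\n"
           "To: joanna@example.com\nSubject: Request\n\n"
           "Joanna, Can you mail out a check to a Vendor today? Barbara\n")
LEGIT = ("From: Barbara Doe <barbara.doe@example.com>\n"
         "To: joanna@example.com\nSubject: Vendor check\n\n"
         "Joanna, the vendor check went out today.\n")

def bec_signals(raw):
    """Return the BEC indicators found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    signals = []
    from_hdr = msg["From"]
    if from_hdr is not None and from_hdr.addresses:
        sender = from_hdr.addresses[0]
        name = " ".join(sender.display_name.lower().split())
        # A trusted name on an address outside the company's own domain.
        if name in EXECUTIVES and sender.domain.lower() != COMPANY_DOMAIN:
            signals.append("executive-name-from-external-domain")
    body = msg.get_body(preferencelist=("plain",))
    text = (msg["Subject"] or "") + "\n" + (body.get_content() if body else "")
    if PAYMENT_TERMS.search(text):
        signals.append("payment-request")
    if URGENCY_TERMS.search(text):
        signals.append("urgency")
    return signals

def should_hold(raw):
    """Hold for out-of-band verification when impersonation and a payment
    request coincide; keywords alone also match legitimate finance mail."""
    found = bec_signals(raw)
    return ("executive-name-from-external-domain" in found
            and "payment-request" in found)

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, bec_signals(raw), "hold" if should_hold(raw) else "deliver")
```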

“We think of business email compromise as any attack which claims to be someone you know and trust and is attempting some kind of theft,” said Patrick Peterson, Agari’s founder and chief executive officer, in an online video. “This has been far too successful.”

Leveraging its position as an email security provider, Agari can sometimes see email scams that target its customers as they happen. In some cases, the company intervenes to communicate with the fraudster, posing as a clueless employee in order to draw out more details. That’s what happened with Exaggerated Lion, when the operation sent the email to the company, which Agari declined to name, last April.

In the months that followed, Agari said it engaged with Exaggerated Lion more than 200 times, and discovered the identity of 28 “mules” used to ferry payments between victims and the group itself. Mules are primarily recruited by Exaggerated Lion under the pretense of romance and are likely unaware they are participating in a criminal enterprise, the company said. “These romance-victims-turned-money-mules are told they are helping their romantic partner recover a large inheritance that is tied up with lawyers and is being distributed slowly over time,” according to Agari.

In one exchange with a mule included in Agari’s report, a member of Exaggerated Lion wrote, “Okay honey please put the cash in big envelope and seal it before taking to FedEx.”

The unnamed mule responded, “Honey, that’s a lot of money to send cash that’s a heck of a liability it could be lost anywhere.”

Exaggerated Lion’s representative then wrote, “It can’t honey. As long as you insure it. And I’ve received more than that through cash mailing when my dad was still alive.”

Agari declined to say how it obtained the digital conversations.

As the fake relationship progresses, mules are asked to launder increasingly larger sums of money, according to Agari. Once an unsuspecting business parts with its cash, through a paper check or wire transfer, Exaggerated Lion’s mules have a variety of ways to get the money back to them. Once a physical check is cashed, the money can be delivered to Exaggerated Lion via traditional money transfer, Bitcoin, or gift cards, according to Agari.

Agari said it turned its information on the mules over to financial partners and law enforcement.

Exaggerated Lion began operating in 2014 by running check scams on Craigslist and has since become more sophisticated, according to the report. One scam the group allegedly operated for years involved recruiting people to wrap their car with marketing decals for a beverage company in exchange for a fixed amount of money every week.

Participants, who responded to an online ad or email, would be sent a fake check, which included the first month’s pay and money for a specialist to place advertisements on the car. Respondents were then instructed to keep the first month’s pay and wire the money to the “specialist,” who was really a money mule or a member of Exaggerated Lion, according to Agari.

What makes Exaggerated Lion unique in the world of business email compromise is its preference for physical checks, a payment method the group had “experience and comfort with,” according to Agari. Paper checks may be helpful in evading systems designed to detect fraudulent wire transfers. Exaggerated Lion requests these checks to be sent as fast as possible, through an overnight mail service, according to exchanges contained in the Agari report. But when a victim is hesitant about sending a check, Exaggerated Lion is quick to suggest a bank account to wire money to, according to the report.

Exaggerated Lion also used fake invoices, created using a free invoice generator, and W-9s, publicly available on the Internal Revenue Service website, “to inject a sense of authenticity in their attacks,” according to Agari. The group also used Google’s enterprise email service to send more emails, the security company said. “Google doesn’t start charging for G Suite until after the first month,” Agari said in its report. “This means Exaggerated Lion can create a new G Suite account, add compromised credit card information as a payment method, and effectively have at least a 30-day free trial on each domain they set up.”

If the credit card doesn’t work, the group “can simply move on to another account,” Agari wrote. With a Google Enterprise account, Exaggerated Lion can send 2,000 emails a day, four times more than a regular Gmail account. Google declined to comment.

Among the mules identified by Agari was 63-year-old Reuben Alvarez Sr., of Beaumont, Texas, who was arrested in October 2019 and accused of laundering more than $100,000, nearly $70,000 of which came from the United Methodist Church, according to a probable cause affidavit from the Jefferson County Sheriff’s Office. The rest came from small-to-medium-sized businesses, such as an insurance company in Ohio and golf courses in Alabama, who were all victims of a business email compromise scam, according to the affidavit. Agari said its researchers discovered 14 messages where Exaggerated Lion directed its targets to send money to Alvarez’s bank accounts.

Alvarez’s case is pending and he hasn’t yet entered a plea, according to the district attorney’s office. Neither Alvarez nor his attorney could be located for comment.

In an interview with a detective, Alvarez said the money he received came from a woman he believed to be named “Peggy Smith,” who lived in Washington State. Alvarez said he knew Smith from chatting online for three or four years but had never met her in person. Alvarez told the detective that he assumed the money came as part of Smith’s inheritance payments after her parents died. But Alvarez said he knew his activities constituted a crime, according to the affidavit. When the detective drove Alvarez home, he handed over a package he had received the day before: it contained a $25,647 check from a Tennessee health care company.

Translated from: https://medium.com/bloomberg/your-corporate-email-isnt-as-safe-as-you-think-4b9f57a3c252
