Title Company Falls Prey to Business Email Compromise (BEC)
Responding to Sophisticated Phishing Attacks
A title company – through its normal course of business – performs millions of dollars in financial transactions every year via wire transfers. After several transfers failed to reach the correct client, the company began to investigate the transfer process and learned that they had become a victim of fraud, with losses totaling more than $700,000.
Pathway Forensics was engaged to conduct the investigation and mitigate any digital threats that might still be lurking on the company network. During the investigation, our analysts quickly noticed that a broker’s email account had been compromised during a sophisticated phishing attack in which malicious actors set up forwarding rules to an unknown outside address. We also learned these actors would observe email activity within the company and wait for wire transfer instructions to be ordered. At that time, they would interject into the conversation – acting as the broker’s manager – and then change the transfer routing information and account.
Upon completing the investigation, Pathway remediated the forwarding rules and reviewed all other email configurations for indications of compromise. All effected employees’ accounts were reset and two-factor authentication was implemented as an additional layer of protection. We documented our findings in an official report that the client shared with law enforcement to begin an official criminal investigation.