Defending Your Organization Against Business Email Compromise
May 2019 • Podcast
Anne Connell discusses recent business email compromise attacks, such as Operation Wire Wire, and offers guidance on how individuals and organizations can protect themselves from these sophisticated new modes of attack.
“It’s amazing to learn how sophisticated these rings are getting. We have people here going to graduate school. They are spending two years of their lives to get a degree. These guys can get up to speed in about three, four months and really create some amazing attacks.”
Software Engineering Institute
In June 2018, federal authorities announced a significant, coordinated effort to disrupt business email compromise (BEC) schemes that are designed to intercept and hijack wire transfers from businesses and individuals. Operation Wire Wire, a coordinated law enforcement effort by the U.S. Department of Justice, U.S. Department of Homeland Security, U.S. Department of the Treasury, and the U.S. Postal Inspection Service, was conducted over a six-month period and resulted in 74 arrests in the United States and overseas, including 29 in Nigeria and 3 in Canada, Mauritius, and Poland. The operation also resulted in the seizure of nearly $2.4 million and the disruption and recovery of approximately $14 million in fraudulent wire transfers. Anne Connell, a researcher in the SEI’s CERT Division, discusses the information that can be gleaned from a close examination of recent BEC attacks, including the one at the center of Operation Wire Wire and another attack involving a Texas energy company. Connell also offers guidance on how individuals and organizations can protect themselves from these sophisticated new modes of attack.
About the Speaker
Anne Connell is a cybersecurity engineer with the Cybersecurity Risk & Resilience Directorate of the CERT Division at Carnegie Mellon University’s (CMU) Software Engineering Institute (SEI). In this role, Connell contributes to research and development focused on improving the security and resilience of the nation’s critical infrastructure and assets. Connell’s research, which includes compliance management, transactional issues, and data breach response, addresses privacy and cybersecurity concerns. Connell holds certifications in CIPP and CIPT.
Connell was the project lead of the FBI Cyber Investigator Certificate Program (CICP), developed for the 750,000 LEO members on cybersecurity investigations. Connell also teaches the course “Privacy in the Digital Age” at the CMU Heinz College of Information Systems and Public Policy and volunteers with Pittsburgh Public Schools to educate students on the internet and social media.
Prior to joining the SEI, Connell was a network manager with the CMU School of Design and a product lead with Maya. Connell holds a bachelor of science degree in Information Systems and a master’s degree in Human and Computer Interaction from Carnegie Mellon University.