search menu icon-carat-right cmu-wordmark

Defending Your Organization Against Business Email Compromise

May 2019 Podcast
Anne Connell

Anne Connell discusses recent business email compromise attacks, such as Operation Wire Wire, and offers guidance on how individuals and organizations can protect themselves from these sophisticated new modes of attack.

“It’s amazing to learn how sophisticated these rings are getting. We have people here going to graduate school. They are spending two years of their lives to get a degree. These guys can get up to speed in about three, four months and really create some amazing attacks.”

Listen

Watch

Abstract

In June 2018, federal authorities announced a significant, coordinated effort to disrupt business email compromise (BEC) schemes that are designed to intercept and hijack wire transfers from businesses and individuals. Operation Wire Wire, a coordinated law enforcement effort by the U.S. Department of Justice, U.S. Department of Homeland Security, U.S. Department of the Treasury, and the U.S. Postal Inspection Service, was conducted over a six-month period and resulted in 74 arrests in the United States and overseas, including 29 in Nigeria and 3 in Canada, Mauritius, and Poland. The operation also resulted in the seizure of nearly $2.4 million and the disruption and recovery of approximately $14 million in fraudulent wire transfers. Anne Connell, a researcher in the SEI’s CERT Division, discusses the information that can be gleaned from a close examination of recent BEC attacks, including the one at the center of Operation Wire Wire and another attack involving a Texas energy company. Connell also offers guidance on how individuals and organizations can protect themselves from these sophisticated new modes of attack.

About the Speaker

Anne Connell

Anne Connell

Anne Connell is a cybersecurity engineer with the Cybersecurity Risk & Resilience Directorate of the CERT Division at Carnegie Mellon University’s (CMU) Software Engineering Institute (SEI). In ...

Anne Connell is a cybersecurity engineer with the Cybersecurity Risk & Resilience Directorate of the CERT Division at Carnegie Mellon University’s (CMU) Software Engineering Institute (SEI). In this role, Connell contributes to research and development focused on improving the security and resilience of the nation’s critical infrastructure and assets. Connell’s research, which includes compliance management, transactional issues, and data breach response, addresses privacy and cybersecurity concerns. Connell holds certifications in CIPP and CIPT. 

 

Connell was the project lead of the FBI Cyber Investigator Certificate Program (CICP), developed for the 750,000 LEO members on cybersecurity investigations. Connell also teaches the course “Privacy in the Digital Age” at the CMU Heinz College of Information Systems and Public Policy and volunteers with Pittsburgh Public Schools to educate students on the internet and social media.

 

Prior to joining the SEI, Connell was a network manager with the CMU School of Design and a product lead with Maya. Connell holds a bachelor of science degree in Information Systems and a master’s degree in Human and Computer Interaction from Carnegie Mellon University.
 

Read more