FBI Warns: Scammers Are Impersonating Company Leaders in Virtual Meetings

The FBI has issued a warning that BEC (Business Email Compromise) scammers are adopting new tactics and increasingly exploiting virtual meeting platforms to deceive organizations. These scammers use a variety of methods, including deepfakes, to trick victims into sending money to accounts they control.

What Is a BEC Attack?

BEC attacks typically involve cybercriminals initiating correspondence with a company employee to gain their trust and convince them to take actions that harm the company or its clients. Often, attackers use compromised employee accounts or email addresses that closely resemble official company addresses, differing by just a few characters. In many cases, the criminals impersonate company employees—usually those in leadership positions—and instruct others to transfer funds to their accounts.

New Tactics in the Era of Remote Work

With the ongoing COVID-19 pandemic prompting a global shift to remote work, scammers have also adapted their BEC strategies. According to the FBI, the number of reports about BEC attacks conducted via virtual meeting platforms surged between 2019 and 2021.

While law enforcement did not provide specific numbers in their report, they described three main scenarios in which scammers use these tools to carry out attacks:

• Compromising the email of a CEO or CFO: Using a hacked email account, scammers send employees an invitation to a virtual conference. During the meeting, they may display a still image of the CEO with no sound or use an audio deepfake to mimic the executive’s voice, claiming that video or audio is not working properly. They then instruct employees via chat to initiate a funds transfer or follow up with such a “directive” in a subsequent email.
• Compromising the email of regular employees: Hackers gain access to virtual meetings to gather information about the company’s daily operations.
• Classic executive email compromise: For example, hackers use a compromised CEO’s email to send fake messages to employees, instructing them to transfer funds because the CEO is supposedly busy in a virtual meeting and cannot do it themselves.

Staying Vigilant

The FBI reminds everyone to remain vigilant in all situations and urges organizations to treat virtual meeting platforms with caution. These tools have become an integral part of many corporate work environments and will likely continue to be widely used even after the pandemic ends.