Cybercrime in Missouri

Cybercrime was on the rise before COVID-19, but the remote work transition provoked by the pandemic pushed cyber­attack rates to unforeseen heights. Accord­ing to Moody’s Analytics 2023 Cyber Sur­vey, since 2019, companies have increased their average spending on cybersecurity by 70% to keep up with the increasing attacks.

Recent headlines emphasize that no orga­nization is safe from attack. Companies of all sizes are paying a heavy price. In the last month, corporate giants like MGM Resorts, Campbell Soup, and Johnson and Johnson, have lost more than $100 million dollars collectively as a result of cyberattacks, despite their nearly limitless security re­sources. On the other end of the spectrum, local school districts, small businesses, and non-profits across the country are being relentlessly pounded by phishing attacks and business email compromise schemes. In Missouri, the MOVEit breach recently penetrated the University of Missouri and the state’s Medicaid system.

Cybercrime in Missouri

According to the FBI’s most current Inter­net Crime Complaint Center Report, Missourians lost more than $118 million dollars to cybercriminals last year. Business email compromise (BEC) has proven to be one of the fraudsters’ most effective methods, costing Missouri businesses $49.1 million in 2022. Although most people think of advanced coding and technology when they think of hacking, BEC attacks fall into a low-tech category of cybercrime known as “social engineering.” Such attacks rely less on technical wizardry than they do on a breakdown in the weak­est link of every cybersecurity system—the human at the keyboard.

In a typical BEC attack, a fraudster imper­sonates a trustworthy business associate of the target. Using a falsified or hijacked email account, the criminal pretends to be a vendor, supplier, or coworker of the vic­tim and requests that a payment be made (often through ACH deposit) to a new banking account. Professional attackers may even go as far as falsifying PDF in­voices to requests these deposits. If a hack­er has acquired access to an email account within the targeted business, they can ob­serve and research normal payment prac­tices and schedules in order to align the timing of their attacks with the business’s standard practices.

Many hackers have successfully swindled companies out of enormous sums with simple follow-up emails. Moments after a legitimate vendor sends an email re­questing payment, the fraudster will send a follow-up email from a spoofed account, claiming to have sent the wrong account information in the previous email. As the timing and legit­imacy of the con­text surrounding a payment goes up, so does the likelihood that a company will unthink­ingly approve a payment to a hacker.

Unfortunately, small businesses are not the only organizations at risk, local school districts are becoming an increasingly popular target for online scammers. A BEC attack devastated a small local school district in Washington state earlier this year, defrauding it of more than $300,000.

How to prevent email fraud attacks

Although these attacks can be difficult to detect and prevent, a well-prepared busi­ness can drastically reduce its risk through a variety of methods: correct email con­figurations, simulated attacks, penetra­tion testing, ongoing employee awareness training, and advanced inbox security software. Since many small businesses lack in-house cybersecurity expertise, the most effective and economical solution for them is to contract a managed service pro­vider (MSP) with cybersecurity experience.

As an MSP providing cybersecurity support to small businesses across Missouri, anti-phishing support has become one of our top services. Every day, we prepare and support dozens of businesses across the state to mitigate and avoid these prevalent cyberattacks—with fantastic results.

To raise awareness and preparedness across our state, we are offering a free book (with free shipping!) to help businesses prevent business email compromise. If you have not taken your first steps to prevent phishing and business email compromise from impacting your business, order your free copy of Email Fraud: How to keep hackers from hijacking your inbox.