Last year, a Lithuanian man was sentenced to five years in prison for tricking Facebook and Google into sending $123 million to his bank accounts through a business email compromise (BEC) campaign. However shocking, it’s a tip of the iceberg as this damaging crime is on the rise.
Formerly known as man-in-the-email attack, BEC is a sophisticated type of scam in which a hacker compromises business email accounts to conduct unauthorized transfers of funds, as the FBI defines. The US agency has been tracking the financial cyber threat since 2013, and revealed in its 2019 Internet crime report that BEC, though accounts for only 5% of the reported cases of fraud, causes 50% of the loss from all cyber activities last year. It costs each victim $75,000 on average, which translates to a loss of over $1.7 billion in a year.
Earlier this year in January, Taiwanese startup BlockChain Security launched an email verification tool called ChkSender as a response to the growing number of BEC attacks. As a Chrome extension, it goes through each email in Gmail to ensure it’s not tampered with during transmission.
With ChkSender installed, the user has access to an array of data about the sender of any given email, including server location, domain name, and domain owner. Meanwhile, the extension verifies the sender’s identity based on these data and examines other parts of the email like address and the message body.
Before sending out an email, the user is offered two options to protect themselves from potential fraud: to sign the email with a digital signature and record a copy on the blockchain, or encrypt the entire email with a password known only by the recipient (who has installed the extension to Chrome).
The former allows ChkSender to compare the footprints in the received email and on the blockchain and tell if the email is altered in transit; if so, it means that the mail server may have been hacked. The latter prevents attackers from changing what’s been written in the email in a rather straightforward way, since the recipient is supposed to be the only person capable of decrypting and later reading it.
As the next step, according to its CTO, BlockChain Security expects to develop a version for Outlook users and build AI into the product so that it can analyze what the message in the email means and better identify hackers who pretend to sound like the sender when illegally rewriting the email. The extension is currently free for download.
ChkSender is the two-year-old company’s second application, following Blockchain Witness, an app used for evidence collection launched last year in July. With this blockchain solution, the user can take photos, record videos, or do screenshots while ensuring that these data are trustworthy enough to be presented in court.
The app uses GPS to pinpoint when and where a piece of evidence is collected, and as a unique digital footprint (hash value) is generated, a copy of it will be recorded on the blockchain. What the user needs to do to authenticate the evidence in court is to compare the two footprints in the device and on the blockchain. If there isn’t a mismatch, the evidence is tamper-proof.
In the long run, CEO Po Huang said the team plans to build a “cloud platform for blockchain solutions” across a wide range of use cases and go global.
News source is from Business Next.