Fighting Business Email Compromises

Breach Response , Data Breach , Fraud

Asst. U.S. Attorney Camelia Lopez on Getting Federal Agencies Involved

Organizations that discover they're victims of business email compromise exploits should immediately contact law enforcement officials to report the attacks, says Camelia Lopez, a federal prosecutor for the Eastern District of Texas.

See Also: Mobile Banking: Authentication Strategies to Mitigate Fraud

Business email compromise exploits use well-thought-out socially engineered scams that con unsuspecting accounting staff members at businesses into scheduling fraudulent wire transfers. Lopez urges organizations to overcome their embarrassment and report the exploit.

"[T]he earlier you contact law enforcement the better ... the earlier we know about it, the earlier agents can ... identify where the vulnerabilities are, take a look at the systems and help you identify what happens. Sooner is better. More communication is better," Lopez says.

In a video interview at the recent Information Security Media Group 2015 Fraud Data Breach Prevention and Response Summit Dallas, Lopez explains that the FBI, Secret Service and other agencies can help organizations to analyze the compromise, paving the way for quicker indictment and prosecution of the perpetrators.

"The response time can be very quick especially if the entity already has an established relationship with an agent. ... They can have somebody at their offices responding within hours," Lopez says.

In this interview, Lopez also discusses:

The top trends in data breach investigations; The importance of having a data breach response plan in place before an attack; and The ways in which law enforcement agencies can partner with agencies overseas to apprehend wrongdoers.

A federal prosecutor based in Plano, Texas, Lopez prosecutes fraud-related cases, including mail and wire fraud, data breaches and money laundering. She also is the district coordinator for the Computer Hacking and Intellectual Property program. Before joining the U.S. Attorney's office in 2009, she worked as an assistant district attorney in Dallas County, where she focused on white collar crime, including identity theft and online fraud.