Breach Response , Data Breach , Fraud

Fighting Business Email Compromises

Asst. U.S. Attorney Camelia Lopez on Getting Federal Agencies Involved

Organizations that discover they're victims of business email compromise exploits should immediately contact law enforcement officials to report the attacks, says Camelia Lopez, a federal prosecutor for the Eastern District of Texas.

See Also: How to Mitigate Credential Theft by Securing Active Directory

Business email compromise exploits use well-thought-out socially engineered scams that con unsuspecting accounting staff members at businesses into scheduling fraudulent wire transfers. Lopez urges organizations to overcome their embarrassment and report the exploit.

"[T]he earlier you contact law enforcement the better ... the earlier we know about it, the earlier agents can ... identify where the vulnerabilities are, take a look at the systems and help you identify what happens. Sooner is better. More communication is better," Lopez says.

In a video interview at the recent Information Security Media Group 2015 Fraud Data Breach Prevention and Response Summit Dallas, Lopez explains that the FBI, Secret Service and other agencies can help organizations to analyze the compromise, paving the way for quicker indictment and prosecution of the perpetrators.

"The response time can be very quick especially if the entity already has an established relationship with an agent. ... They can have somebody at their offices responding within hours," Lopez says.

In this interview, Lopez also discusses:

  • The top trends in data breach investigations;
  • The importance of having a data breach response plan in place before an attack; and
  • The ways in which law enforcement agencies can partner with agencies overseas to apprehend wrongdoers.

A federal prosecutor based in Plano, Texas, Lopez prosecutes fraud-related cases, including mail and wire fraud, data breaches and money laundering. She also is the district coordinator for the Computer Hacking and Intellectual Property program. Before joining the U.S. Attorney's office in 2009, she worked as an assistant district attorney in Dallas County, where she focused on white collar crime, including identity theft and online fraud.


About the Author

Tracy Kitten

Tracy Kitten

Executive Editor, BankInfoSecurity & CUInfoSecurity

A veteran journalist with more than 18 years' experience, Kitten has covered the financial sector for the last 11 years. Before joining Information Security Media Group in 2010, where she now serves as the Executive Editor of BankInfoSecurity and CUInfoSecurity, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network