What is Business Email Compromise?
What is BEC?
BEC refers to an email scam that targets specific people in an organization to either steal money, data or other confidential employee information. These email impersonations rely heavily on social engineering tactics.
How does BEC work?
Email is today’s top threat vector, accounting for 90% of advanced threats, and the ever-growing threats are becoming more and more costly for businesses.
BEC happens when the scammer poses as a trusted individual with a legitimate business request. BEC attacks are highly targeted, sent in low volumes, and aimed at specific people.
The scams are hard to identify and may seem part of any day-to-day request to the target. Scammers, who want to circumvent tight network controls, research the best ways to take advantage of human vulnerabilities.
Because these email accounts have been manipulated and have well-hidden tactics, BEC attacks are difficult to detect and can leave companies perplexed in the aftermath.
Techniques for Business Email Compromise
Spoofing email accounts and websites
Slight variations on legitimate addresses (email@example.com vs. firstname.lastname@example.org) fool victims into thinking fake accounts are authentic.
Bogus emails believed to be from a trusted sender prompt victims to reveal confidential information to the BEC perpetrators.
Used to infiltrate networks in order to gain access to internal data and systems, especially to view legitimate email regarding the finances of the company. That information is then used to avoid raising the suspicions of an any financial officer when a falsified wire transfer is submitted. Malware also lets criminals gain access to their victim’s sensitive data.
Specific types of BEC
False invoice scheme
Companies with foreign suppliers are often targeted with this tactic, wherein attackers pretend to be the suppliers requesting fund transfers for payments to an account owned by fraudsters.
Attackers pose as the company CEO or any executive and send an email to employees in finance, requesting them to transfer money to the account they control.
An executive or employee’s email account is hacked and used to request invoice payments to vendors listed in their email contacts. Payments are then sent to fraudulent bank accounts.
An attacker will impersonate a lawyer or other representative from the law firm responsible for sensitive matters. These types of attack often occur through email or phone, during the end of the business day where the victims are low level employees without the knowledge or authority to question the validity of the communication.
HR and bookkeeping employees will be targeted in order to obtain personal or otherwise sensitive information about the employees or executives. This data can be very helpful for future attacks.
How can you protect yourself from Business Email Compromise (BEC) attacks?
BEC is fueled by vulnerabilities and is a growing threat to employees. Your organization can stay protected with a multi-layer approach; utilizing people, process and technology.
Defenses Against BEC
- Intrusion Detection System Rules: these flag emails with extensions that are similar to company email. For example, legitimate email of xyx_business.com would flag fraudulent email of xyz-business.com.
- Email Rules: these flag email communications where the “reply” e-mail address is different from the “from” email address shown.
- Color Coding: virtual correspondence so e-mails from employee/internal accounts are one color and e-mails from non-employee/external accounts are another.
- Payment Verification: ensures security by requiring additional two-factor authentication.
- Confirmation Requests: for fund transfers with something like phone verification as a part of a two-factor authentication scheme. Also, confirmations may require that company directory numbers are used, as opposed to numbers provided in an email.
- Careful Scrutiny: of all e-mail requests for transfer of funds to determine if the requests are out of the ordinary.
Safeguard your business, empower your employees and ensure business longevity.
About Plow Networks
Headquartered in Brentwood, Tennessee, Plow Networks is a Total Service Provider (TSP) with several distinct business practices that, when consumed together, offer our clients a unique, best-in-class experience. We give organizations peace of mind, valuable time back and the economies of scale that come with having one technology partner that is focused on exceeding their expectations with every engagement.