How to prevent business email compromise attacks

Quote: Business email compromise (BEC) scams are low-tech attacks that use social engineering techniques to exploit natural human tendencies.

While they may not get as much attention from the press as high-profile ransomware attacks, BEC scams are considered one of the biggest threats facing companies today. Between June 2016 and July 2019, there were 32,367 successful BEC scams in the U.S., which cost U.S. businesses more than $3.5 billion, according to figures from the FBI.

Fortunately, there are some very effective and easy-to-implement strategies for stopping BEC attacks. In this post, we’ll show you how you can combine staff training, process implementation and authentication technology to protect your organization from BEC attacks.

What is business email compromise?
A BEC attack is a sophisticated scam that targets businesses and individuals who perform wire transfer payments.


Quote: Unlike regular email scams that are distributed to thousands or millions of users, BEC attacks are carefully planned and highly targeted.

A typical BEC scam involves an attacker gaining access to the email account of a C-suite executive via a phishing campaign, malware infection, password leak or brute force attack. The attacker monitors the compromised email account to learn the victim’s communication habits and gain a thorough understanding of the company’s routine processes and procedures.

Once the attacker has carried out their surveillance, they send an urgently worded email to a target, instructing the recipient to carry out an important request.

What makes the scam so convincing is the fact that the email is sent through legitimate communication channels and appears to be from a familiar and trusted business contact. The target often feels inclined to quickly process the request without question when the email appears to be sent from the target’s boss or boss’ boss.

Monetary gain is usually the primary goal of a BEC scam. Victims are deceived into believing they’re performing a regular transaction, when in reality they are transferring large sums of money directly into the bank account of the scammers.

In other cases, attackers may use BEC scams to extract employees’ personally identifiable information, which can be used in future attacks or sold on the black market.

