Business Email Compromise

futuristic-criminal-in-a-computer-screen

Business Email Compromise (BEC) is a cybercrime like Phishing Email Attacks; however, the focus is on businesses rather than individuals.  Perpetrators use social engineering or computer intrusion techniques to compromise legitimate business email accounts. Once access is gained, they exploit the trust associated with email communication to conduct fraudulent activities, such as unauthorized fund transfers, sensitive data theft, or initiation of further cyber attacks. 

Attackers have begun to using deep fake technology to overcome employee suspicions.  After a video call from what appears to be a senior company officer, employees can be persuaded to dismiss their initial doubts because the callers appear and sound exactly like familiar colleagues.

  • Email Spoofing: BEC attackers often use email spoofing techniques to make messages appear as if they are from a trusted source within the organization.  See Phishing Email Attacks
  • Urgent Requests: Fraudulent emails may convey a sense of urgency, pressuring recipients to take immediate action, such as approving a financial transaction or updating sensitive information.
  • Unusual Requests: Requests for unusual or unexpected actions, such as transferring funds to a new account, changing payment details, or sharing sensitive information, are common signs. Pressure to use unusual methods or departures from standard procedures is another indicator of BEC. 
  • Email Account Take-over: BEC attacks often begin by compromising a victim organition's email account. The signs of this can be unauthorized login attempts or unfamiliar devices accessing the account, 
  • Authoritative tone: BEC attackers may mimic the communication style of executives or high-ranking officials to deceive employees. 
  • Multi-Factor Authentication (MFA): Implement MFA to add an extra layer of security to email accounts, making it harder for unauthorized users to gain access.  See CISA's Turn On MFA
  • Employee Training: Educate employees about the risks of BEC fraud, emphasizing the importance of verifying email requests, especially those involving financial transactions or sensitive data.
  • Email Filtering Systems: Use advanced email filtering systems to detect and block phishing attempts, malicious attachments, and suspicious content.
  • Strict Approval Processes: Establish and enforce strict approval processes for financial transactions, especially those initiated via email. Verify requests through secondary channels.
  • Regular Security Audits: Conduct regular security audits to identify vulnerabilities and address them promptly.
  • Contain the Incident: Immediately isolate the compromised email account(s) to prevent further unauthorized access and potential damage.
  • Notify Relevant Parties: Inform internal and external stakeholders, including law enforcement, financial institutions, and affected individuals, about the incident.
  • Investigation: Conduct a thorough investigation to determine the extent of the compromise, identify the entry point, and assess the potential impact.
  • Enhance Security Measures: Strengthen security measures, such as updating passwords, implementing additional security controls, and monitoring for any signs of continued compromise.  See  Cyber Crime Prevention for more information.
  • Secure Your Accounts: If you share personal information, change your passwords and enable two-factor authentication where possible. See Cyber Crime Prevention for more information.
  • Legal Action: Consider legal action against the perpetrators and collaborate with law enforcement agencies to bring them to justice.  See  Reporting Fraud. 

References: