How to Protect against Business Email Compromise (BEC) Attacks
The perpetrator then provides wire instructions to the victim to facilitate making payments to a fraudulent account. BEC attacks are usually focused on executives or employees authorized to make payments on behalf of their organizations. Verify payment and purchase requests in real-time to ensure they are legitimate. You should also verify any change in account number or payment procedures with the person making the request. You can inadvertently provide criminals with information they need to guess your password, answer your security questions or create a socially engineered hoax.
Many businesses – especially SMBs – experience a shortage of cybersecurity resources and expertise, leaving them unequipped to detect and prevent BEC attacks and other malicious email scams. The BEC scam is more prevalent and dangerous than ever, and small businesses face the same – or greater – risk as large enterprises. Small businesses often have less stringent security defenses in place, less awareness of threats and less time and resources to invest in protection. Cyberthieves recognize that these companies have the most to lose, and are readily exploiting these weaknesses.
What steps can I take to spread awareness and protect my organization?
Companies with foreign suppliers are common targets of vendor email compromise. Attackers pose as suppliers, request payment for a fake invoice, then transfer the money to a fraudulent account. CEO Fraud – Attackers pose as the company CEO or another executive and send an email to employees in finance, requesting that they transfer money to an account the attackers control. The FBI says criminals are increasingly using identities harvested in other scams to create bank accounts to receive stolen BEC funds and convert them to cryptocurrency.
Part of the challenge with mitigating these threats is that most employees don’t know how to spot phishing scams. According to the 2021 Gone Phishing Tournament Report, 19.8% of employees click email phishing links. Using this information, the cyber criminal will then attempt to gain access to the company email system with a phishing email or spoof the email account of a key employee.
Instead of reacting immediately, train employees to do their due diligence when it comes to their inbox. The fraudster will use malware to determine the employees that govern transactions or have access to finances (e.g., executive assistants, accountants, accounts payable). Short for business email compromise, BEC is a significant threat to enterprise organizations. This guide will give you a brief overview of the attack and explain why it’s a significant issue for enterprises and small businesses alike. In this variant of CEO fraud, a criminal may impersonate an executive and ask an assistant to purchase multiple gift cards that will be used as employee rewards. In the interests of rewarding employees as quickly as possible, the phony “executive” will request the serial numbers for the gift cards, and then use those serial numbers to make fraudulent purchases.
- Other attacks may entail impersonation of friends, family, coworkers, or management, including C-level members.
- The targeted employee thinks the money is being sent to the expected account, but the account numbers have been altered slightly, and the transfer is actually deposited in the account controlled by the criminal group.
- Implement security measures such as two-factor authentication and email filtering.
Do verbally confirm emailed instructions from a vendor or supplier to change payment methods or bank information. The group would also impersonate the lawyer and request the money from the employee who has been prompted to perform the wire. The average payout of Cosmic Lynx is $1.27 million, but higher payouts have also been achieved. This money was quickly moved from Europe to Nigeria, with the malicious actors managing to get away from immediate consequences.
Anatomy of a BEC Attack
If the money fraud fails to be spotted in a timely manner, the funds can often be close to impossible to recover, due to any number of laundering techniques that transfer the funds into other accounts. Because these scams do not have any malicious links or attachments, they can evade traditional solutions.
Can someone hack my bank account with my email address?
It's also possible hackers could use your email account to gain access to your bank account or credit card information, draining funds from an account, or racking up charges. They might even use your email and password to sign up for online sites and services, sticking you with monthly fees in the process.
Business email compromise (BEC), also known as email account compromise, is one of the most financially damaging online crimes. It exploits the fact that so many of us rely on email to conduct business, both personal and professional. Business Email Compromise is a serious crime that can have devastating consequences for your business. If you suspect that your business is impacted by a BEC attack, there are steps you can take to help mitigate the damage and protect your business going forward. Which party was in the best position to prevent the fraud is heavily dependent upon the facts of each case, meaning a “quick” resolution before trial is unlikely.