Business Email Compromise

What is Business Email Compromise? 

Business Email Compromise (BEC) cost U.S. companies $1.8 billion in losses in 2020 – 43 percent of all cybercrime losses last year. So, what is it? And how can you and your business avoid such attacks? 

Matt Lundy, Assistant General Counsel at Microsoft, defines it as ‘a cyberattack that is designed to gain access to critical business information or extract money through email-based fraud’.

How does it work?

Threat actors send an email that appears as though it is coming from a high-level executive within an employee’s organisation, such as the CEO or CFO, in an attempt to trick them into transferring funds or reveal sensitive information.  

BEC attacks often involve great amounts of research by the cybercriminals to find the right person to target within an organisation, and the best time to send the email. Having the target receive the email whilst they are travelling is considered the opportune time for the best chance of yielding success.  

Research will also be done into the names of the high-level executives and the email addresses used within their organisation’s network. Once this information is obtained, a common tactic used is to send an email from an address that is very partially different from the legitimate version.  

An example used by the FBI is ‘[email protected]’ vs. ‘[email protected]’. The two emails are only very slightly different, and, at a glance, appear the same. However, the spoof email is different by just one character.  

As people become more aware of fraudulent emails, the threat actors must evolve to continue to achieve success. One way they are doing this is to target fluent English speakers to make their emails appear genuine. (link) 

How to Avoid Business Email Compromise 

How can you and your business avoid falling victim to BEC? 

Carefully examine and validate the legitimacy of emails 

Scammers will attempt to make their fraudulent attempts appear as legitimate as possible. They will often attempt to copy the same format of correspondence used by an organisation, including very similar email addresses, headers and footers.  

However, a lot of the time there are mistakes and differences with what they send. Even if the email says it is urgent and there will be consequences if you do not act, do not rush into anything and take a moment to consider if what you have been sent is potentially a scam.  

Not only this, emails sent suggesting urgent action is required are often red flags that something is not right. 

If necessary, cross-examine the email sent with a standard email to check if it looks right. 

Avoid links and attachments 

Only click on and open attachments in emails if you are absolutely sure they are from a trusted source. This is the principal way cybercriminals will attempt to exploit you and gain access to a system or network. Also, ask yourself if the attachment is something you were expecting.

Verify with the sender 

If you are unsure whether you are being victim to a potential attack, verify what is being asked of you with the sender or somebody close to them in the chain of command. Call them if possible.

Consider whether the request seems unusual 

Is the request for you to transfer money or send sensitive information typical of standard working practices? What do you usually do? Is the email in-line with the sender’s character? These are usually signs of phishing emails.

Employee training 

Security awareness training is vital for a business to avoid unnecessary breaches. Employees should be aware of the techniques used by threat actors and the key indicators that an email is fraudulent.  

Email authentication protocols 

A way of avoiding malicious emails at source is by having an appropriate email authentication protocol in place. DMARC (domain-based message authentication, reporting and conformance), for example, could be implemented which works to ‘differentiate legitimate, verified emails from fraudulent and unverified emails and spoofed domains’ (Intel 471).

How can Securiwiser help? 

Securiwiser can protect your organisation against email phishing and other forms of email cyberattacks. Our cyber monitors can inform you about typosquatting, prevent data breaches and data leaks. If you'd like to know your company's cybersecurity score, sign up today for a free Cyber Security Report..