Business Email Compromise is the new kid on the block in the cybercrime space. According to an FBI report, Business Email Compromise (BEC) has affected more than 130 countries since October 2013, and the global losses or attempted losses have crossed $5 billion. The threat and associated losses are only increasing with time.
What is BEC?
Business Email Compromise (BEC), also known as “CEO Fraud” or “Man-in-the-email”, is a sophisticated scam targeting businesses that work with foreign suppliers and/or regularly perform wire transfer payments. It is a kind of phishing attack in which the attacker impersonates a key executive of the organization (often someone with a high level of authority, like a CEO) and gets the victims to either transfer funds or share critical information with him/her.
A BEC is often a highly focused attack in which the incoming emails look completely legitimate to the receiver, who acts on them and thus becomes a victim. BEC attacks mostly focus on individuals who are responsible for wire transfers, targeting businesses and employees through spoofed emails. The attackers build up enough information about the management of the company, the employees responsible for making payments and the key suppliers from compromised emails, and about employees from company news, social media and other sources, to make these email attacks look authentic.
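A mail-side check for the executive impersonation described above, as an added example that is not part of the original article. The company domain, the executive names and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"              # assumed company domain
EXECUTIVES = {"jane doe", "raj mehta"}  # assumed executive display names

# Constructed sample messages (headers, blank line, body).
SPOOFED = ("From: Jane Doe <jane.doe@example-corp.test>\n"
           "Reply-To: jd.office@mailbox.test\n"
           "Subject: Urgent wire transfer\n\nPlease process today.")
LEGIT = ("From: Jane Doe <jane.doe@example.com>\n"
         "Subject: Q3 review\n\nAgenda attached.")

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header value."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def bec_indicators(raw_message):
    """List the reasons an inbound message resembles executive impersonation."""
    msg = message_from_string(raw_message)
    name, _ = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From"))
    reasons = []
    # An executive's name shown to the reader, but sent from outside the company.
    if name.strip().lower() in EXECUTIVES and from_domain != ORG_DOMAIN:
        reasons.append("executive display name on external address")
    # Replies would go to a different domain than the one the mail claims.
    reply_to = msg.get("Reply-To")
    if reply_to and domain_of(reply_to) != from_domain:
        reasons.append("Reply-To domain differs from From domain")
    return reasons

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, bec_indicators(raw))
```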
The BEC Forms and Impact
Once such malware gains entry into the organization’s network, the attackers could:
- impersonate a CEO or a CFO to get a wire transfer made to their accounts.
- use the fraudulent invoice route, changing the account number of a supplier so that supplier payments are routed to one of their own accounts.
- compromise the account of an employee to email customers about a failed payment transaction and ask them to send the payment to a different account.
- use the attorney impersonation method, coercing an employee to transfer money for a confidential acquisition and thereby inflicting huge financial losses on these companies.
These losses are estimated to touch a staggering $9 billion worldwide in 2018. Data theft is another threat from a BEC scam; it is non-financial in nature but equally devastating.
Gearing up against BEC
Business email frauds are so sophisticated and finely targeted that they are difficult to identify. However, there are many ways in which they can be controlled or avoided. A few of them are listed below:
- Two-factor authentication: It is the best way to control BEC. It prevents hackers from getting into your account and sending fraudulent emails using your identity.
- Reviewing authorization: It is important to regularly review the authorizations given to employees for organizational fund transfers. There should be a minimum number of people authorized for such transfers, and a consolidated list should be prepared to ensure no new ID is accessing the payment system.
- Capping the fund transfer amount: Set a limit on the amount that an approving individual can transfer. Any transaction beyond that amount should be re-verified and processed by the bank. This can help protect against high-value fraudulent transactions.
- Double verification for new requests: Any new or unusual payment request should be approved by at least 2 people within the organization to ensure an added layer of security checks.
- Using anti-phishing software: Relying on a robust anti-phishing solution is a great way to enable employees to act as a basic defense against BEC. Comprehensive solutions like Seqrite EPS with its anti-phishing feature can protect your enterprise from many more threats than just BEC.
- Get basic hygiene in place: Keeping antivirus up to date, not downloading unknown programs and attachments from unverified sources, blocking unused ports and monitoring ongoing traffic are some basic hygiene factors that enterprises must follow as protection against BEC.
- Use common sense: Nothing beats common sense and a little vigilance. BEC can be minimized by being slightly vigilant about signatures or the handheld-device info showing where the mail comes from. The hackers often impersonate executives when they are travelling. Bearing this small piece of information in mind might save your company a lot of money.
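The authorization list, transfer cap and double-verification controls from the list above, combined into one release check. This is an added example, not part of the original article; the approver names, caps and payee accounts are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed policy data: approver -> per-transfer cap, and payee accounts on file.
APPROVER_CAPS = {"alice": 10_000, "bob": 50_000}
KNOWN_PAYEES = {("Acme Supplies", "ACCT-001")}

@dataclass
class Transfer:
    supplier: str
    account: str
    amount: int
    approvers: list = field(default_factory=list)

def review(t):
    """Return ("release" or "hold", reasons) for one transfer request."""
    reasons = []
    named = set(t.approvers)
    valid = named & set(APPROVER_CAPS)
    # Reviewing authorization: only IDs on the consolidated list may approve.
    if named - valid:
        reasons.append("approver not on the authorized list")
    if not valid:
        reasons.append("no authorized approver")
    # Capping the amount: above the approver's limit, the bank must re-verify.
    elif t.amount > max(APPROVER_CAPS[a] for a in valid):
        reasons.append("amount above approver cap: re-verify with the bank")
    # Double verification: a new or changed payee account needs two people.
    if (t.supplier, t.account) not in KNOWN_PAYEES and len(valid) < 2:
        reasons.append("new or changed payee account: needs two approvers")
    return ("hold" if reasons else "release", reasons)

if __name__ == "__main__":
    # A known supplier whose account number was changed in an invoice email.
    print(review(Transfer("Acme Supplies", "ACCT-999", 5_000, ["alice"])))
```

Keying the payee check on the supplier and account number together means a changed account for a familiar supplier is held for a second approver instead of being paid as routine.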
Seqrite to the rescue
Cybersecurity experts like Seqrite have developed innovative features in their products to help fight scams like BEC. Seqrite’s Endpoint Security is loaded with features that strengthen the organization’s defense against malware and phishing attacks like BEC. It offers superior phishing protection against attacks that originate from malicious code over the internet by stopping them from entering the network and spreading across it. Other features included in their email security tool help identify the nature of emails coming from various email gateways and provide robust protection against suspicious messages. BEC data thefts can be avoided by integrating Seqrite’s Data Loss Prevention solution with the email marketing plans. Policy-based encryption allows information to be encrypted and accessible only to authorized personnel. BEC is a serious threat, but with Seqrite as your security partner, it can be tackled with ease.