Phishing scams have been a persistent threat for years. It's likely that you've received an unexpected email informing you of a compromised account or a plea for immediate funds from a friend stranded in a foreign country. Perhaps you've even been notified of an impending eviction or the urgent need to update your computer's antivirus protection.
These emails lure you in with a link to download software or a request for your banking information, but beware! These deceptive emails can leave you with malware on your computer or unauthorized charges on your credit cards. While they can be irritating, a well-trained eye can usually identify the fakes.
Phishing emails often have misspelled words, domains that don’t seem right, missing signatures, grammatical mistakes, or other telltale signs that tip you off to the scam. As long as you know what to look for and stay alert, you and your employees can avoid becoming victims of traditional phishing scams.
But, what if the usual telltale signs are missing from a phishing email? What if the phishing email appears completely authentic because it originates from the email account of a trusted individual or reputable organization?
The risk of falling into the trap of a business email compromise (BEC) is significantly higher for you and your company. Unfortunately, this is an all too common occurrence. However, in this article, we will delve deeper into the world of business email compromise and provide valuable insights on how you can effectively protect your company from such attacks.
Understanding Business Email Compromise
According to the FBI, business email compromise schemes resulted in $1.7 billion in losses to companies in 2019 alone. Data from Check Point Research suggests that the numbers for 2020 are even higher, as cybercriminals have taken advantage of the disruption caused by the global pandemic to launch hundreds of thousands of cyber attacks on distracted workers.
A business email compromise occurs when a malicious actor controls someone's email account. This can be achieved by guessing usernames and passwords, especially on widely-used platforms like Microsoft 365 or Google Mail, leveraging stolen credentials from data breaches, or deceiving individuals into entering their passwords on fraudulent websites. Once inside, the cybercriminal can exploit not only the compromised organization but also its business associates.
After gaining access, attackers study their targets, understanding their habits and communication patterns, ensuring their malicious emails blend seamlessly. Unlike typical phishing attempts, BEC attacks are more targeted, focusing on a few individuals to maximize gains.
These BEC emails are particularly deceptive because they originate from a genuine source, making them virtually indistinguishable from legitimate emails and bypassing spam filters. The content of these emails often urges recipients to take actions like paying invoices, buying gift cards, or sharing personal information. Sometimes, they even intercept ongoing email conversations to redirect payments. While the immediate goal is financial gain, some attackers seek valuable data or deeper access to the company's network for future exploits.
Preventing Business Email Compromise
To effectively reduce the risks of BEC attacks, it is crucial to implement strong cybersecurity measures that prevent attackers from accessing your users' email accounts. By following these foundational practices, you can ensure the safety of your network against BEC attacks and other malicious schemes.
Strong Password Policies: Require employees to create complex passwords that combine letters, numbers, and special characters and regularly updating these passwords can also deter unauthorized access. No one likes inventing strong new passwords, but this simple step is one of the strongest defenses against business email compromise.
Implement Multi-Factor Authentication (MFA): MFA requires users to provide two or more verification methods. It's an effective barrier against unauthorized access, even if a malicious actor has the password.
Review and Manage Email Rules: Have your users (or IT staff, with management’s permission) review the automatic rules configured within your users’ email accounts. BEC attackers exploit these rules to conceal their actions, such as auto-moving bank-related emails to the trash or forwarding emails with "invoice" in the subject to external addresses for scrutiny.
Email Monitoring and Filtering: Utilize advanced email filtering solutions to detect and quarantine suspicious emails, and regularly monitor both outgoing and incoming email traffic to identify unusual patterns or activities indicative of potential compromises.
Regular Training and Awareness Programs: Educate employees about the dangers of BEC and other phishing attacks. Regular training sessions can help them recognize and report suspicious emails. Your employees are a critical defense against BEC but also a critical vulnerability if they’re not invested in your cybersecurity policies.
Identifying Business Email Compromise Attacks
Although it is ideal to prevent BEC attacks from occurring altogether, there are instances where it may not be feasible. Cybercriminals are resourceful and can find ways to bypass your security measures, whether by compromising one of your users' accounts or by targeting an external party that is not directly under your cybersecurity policies. In such cases, these attackers can exploit the compromised account to launch BEC attacks against your organization.
BEC attack emails are meticulously crafted since attackers, having already infiltrated an email account, aim to remain undetected until they achieve their goals. It's crucial for employees to remain alert to these subtle threats and promptly alert the IT or cybersecurity team upon spotting any anomalies. Adopting the following measures will empower your team to counteract BEC tactics effectively.
Keen Attention to Detail: Encourage employees to scrutinize emails for subtle inconsistencies. BEC emails might have unusual phrasing or sentence structures that deviate from the sender's typical tone.
Verification Protocols: Implement policies that require multiple approvals for significant actions. For instance, all wire transfers should be verified by at least two individuals (the requester and another party) to prevent potential BEC exploits.
Validation Procedures: Even if higher-ups, like the CEO, have the authority to make financial decisions unilaterally, always validate such requests. If an email asks for a financial transaction, cross-check by calling the requester using a previously known number, not one provided in the suspicious email.
Adherence to Policies: BEC attackers might use urgency or discretion as tactics to bypass standard procedures. Train employees to be cautious of such requests - even if the sender is familiar- emphasizing the importance of always following established protocols.
Trust Your Instincts: If you suspect a case of business email compromise, take precautions and immediately notify your IT or cybersecurity team so they can take appropriate action.
Take the Next Steps
As cybercriminals continue to adapt and refine their strategies, businesses must remain vigilant and informed about the latest cyber attacks. Staying updated on these threats and learning effective defense strategies is essential to safeguard your organization. In our extensive collection of cybersecurity resources, you'll find invaluable tools like our guide five crucial tips for identifying business email compromises.