Are you sure you got an email from your CEO?
Or was it a Business Email Compromise?
Business Email Compromise (BEC) is one of the most frequent email cybercrimes and one of the leading causes of large financial losses for companies. In this highly personalized social engineering attack, the criminal hacks, spoofs or impersonates an email account so that a message appears to come from a trusted source, luring the victim into sharing confidential information or transferring payments.
Types of Business Email Compromise
The FBI differentiates between five types of BEC:
- False Invoice Scheme – Victims receive an email that appears to come from a supplier, asking them to pay an invoice into an account set up by the scammers.
- CEO Fraud – The attacker impersonates a director or executive and instructs the finance department of the executive's own company, or of a partner, to make a specific wire transfer.
- Account Compromise – The criminals take over the email account of an executive or a lower-level employee and use it to request payment to vendor accounts that are, in fact, fraudulent. Because the mail really comes from the legitimate mailbox, sender checks will not flag it.
- Attorney Impersonation – Attackers pose as lawyers or other legal professionals, usually contacting victims outside working hours with urgent, confidential requests that the victim cannot immediately verify.
- Data Theft – This type of BEC typically serves as the basis for subsequent attacks such as CEO fraud. The goal is to collect sensitive data from HR employees, such as the personal information or tax statements of executives.
Why is Business Email Compromise so dangerous?
- Immense financial losses – BEC is one of the most financially damaging cybercrimes.
- Difficult to detect – A BEC message typically contains no malware, dangerous links or attachments, so signature- and sandbox-based filters have nothing to match on. Techniques such as domain spoofing and lookalike domains further complicate identification, especially for legacy tools, point products and the native defenses of cloud email platforms.
- It targets human behavior – BEC relies on employees' inattention and lack of awareness. Because it is technically hard to detect, identifying the fraud falls largely to the employee, and a human-centric defense requires training.
- Loss of sensitive information – Attackers steal sensitive information, personal data and account credentials from executives and from employees authorized to make payments, which can then be used for further crimes.
- Difficult and time-consuming to investigate
- Reputational damage – In the case of Account Compromise in particular, the malicious email really is sent from the real person's account, which can lead to a serious loss of trust, a building block of every business relationship.
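Several of the tells described above can be checked mechanically at the mail gateway before an employee ever has to judge the message: a sender domain that merely resembles a trusted one, a known executive's display name on a mailbox that is not theirs, a Reply-To that diverts the conversation to another domain, and an exact-domain spoof that the receiving mail server has already recorded as an SPF/DKIM/DMARC failure in the Authentication-Results header (RFC 8601). The following Python script is an added example written for this page; it is not GBS product code. The organisation (example.com), the trusted-domain list, the executive directory and the three sample messages are all constructed for the demonstration.

```python
"""Header-level BEC triage. Added example for this page, not GBS product
code; the organisation, executives and sample mails are constructed."""
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical organisation: trusted domains and executives worth impersonating.
TRUSTED_DOMAINS = {"example.com", "example-supplier.com"}
EXECUTIVES = {"jane doe": "jane.doe@example.com"}   # name -> genuine mailbox
# Substitutions commonly used to build lookalike domains.
HOMOGLYPHS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]

def normalize_domain(domain):
    """Lower-case and undo homoglyph tricks (exarnple.com -> example.com)."""
    d = domain.lower().strip()
    for fake, real in HOMOGLYPHS:
        d = d.replace(fake, real)
    return d

def levenshtein(a, b):
    """Edit distance, to catch one-character typosquats such as example.co."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain, trusted=TRUSTED_DOMAINS):
    """Trusted domain that `domain` imitates, or None if trusted/unrelated."""
    if domain in trusted:
        return None
    norm = normalize_domain(domain)
    for t in trusted:
        if levenshtein(norm, normalize_domain(t)) <= 1:
            return t
    return None

def domain_of(address):
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""

def analyze(raw_message):
    """Return a list of findings for one message; an empty list means no tell."""
    msg = message_from_string(raw_message)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)

    # 1. Lookalike sender domain (exarnple.com, example.co, examp1e.com ...).
    target = lookalike_of(from_dom)
    if target:
        findings.append(f"lookalike-domain: {from_dom} imitates {target}")

    # 2. Known executive's name on a mailbox that is not theirs (CEO fraud).
    genuine = EXECUTIVES.get(" ".join(name.lower().split()))
    if genuine and addr.lower() != genuine:
        findings.append(f"display-name-impersonation: '{name}' via {addr}, expected {genuine}")

    # 3. Reply-To diverts the conversation away from the From domain.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != from_dom:
        findings.append(f"reply-to-mismatch: {from_dom} -> {domain_of(reply)}")

    # 4. Exact-domain spoofing: From claims a trusted domain but the receiving
    #    MTA recorded SPF/DKIM/DMARC failures in Authentication-Results (RFC 8601).
    auth = msg.get("Authentication-Results", "").lower()
    failed = re.findall(r"\b(spf|dkim|dmarc)=fail\b", auth)
    if from_dom in TRUSTED_DOMAINS and failed:
        findings.append(f"spoofed-domain: {from_dom} failed {','.join(failed)}")
    return findings

# Constructed sample messages (headers only; a body is not needed for triage).
LOOKALIKE_CEO_FRAUD = """\
From: Jane Doe <jane.doe@exarnple.com>
To: accounts@example.com
Subject: Urgent wire transfer before close of business

"""
SPOOFED_WITH_REPLY_TO = """\
From: Jane Doe <jane.doe@example.com>
Reply-To: jane.doe.ceo@gmail-example.net
To: accounts@example.com
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dmarc=fail header.from=example.com
Subject: Change of bank details

"""
LEGITIMATE = """\
From: Jane Doe <jane.doe@example.com>
To: accounts@example.com
Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass
Subject: Q3 budget

"""

if __name__ == "__main__":
    for label, sample in [("lookalike", LOOKALIKE_CEO_FRAUD),
                          ("spoofed", SPOOFED_WITH_REPLY_TO), ("legit", LEGITIMATE)]:
        print(label, analyze(sample) or "no findings")
```

Note what the script cannot do: the Account Compromise case in the list above produces a mail from the genuine mailbox with valid authentication results and no lookalike, so none of these four checks fire. That is exactly why the text stresses payment-process controls and employee training alongside technical filtering.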
GBS can help you prevent Business Email Compromise.
Spam & Content Recognition
Detect and process spam with two spam engines
Categorization of mails
Prevention of sending confidential information to unauthorized recipients
Identification of sensitive information in emails
Scanning for and blocking of malware, viruses, phishing, ransomware, email spoofing, etc.
Combination of up to 4 renowned scanners
Converting attachments to PDFs to block malicious code
Business Email Compromise – the most expensive email attack
BEC is much more dangerous and costly than phishing
Business Email Compromise (BEC) is another attack tactic that has been on the rise in recent years. According to various studies and researchers (e.g. the FBI's Internet Crime Complaint Center, IC3), BEC is one of the most lucrative attacks for cybercriminals. According to IC3 figures, losses from BEC scams amount to $1.8 billion in the US alone, a fourfold increase compared to 2016. Furthermore, Statista reports that the number of BEC attacks is growing every year.