Business Email Compromise (BEC)

Prime Infoserv
Oct 13, 2020

Business Email Compromise (BEC) is an exploit in which the attacker gains access to a corporate email account and spoofs the owner’s identity to defraud the company or its employees, customers, or partners of money. It is a type of phishing attack that is on the rise. In some instances the attacker simply creates an account with an email address that is very similar to one on the corporate network. BEC is a sophisticated form of phishing that has cost victims billions of dollars in fraud losses. BEC attacks are usually designed to impersonate senior executives of a particular firm with the sole intention of harming that firm, monetarily or otherwise.

Business Email Compromise (BEC) on the rise
In the face of the coronavirus outbreak, the massive shift to remote working has dramatically expanded the attack surface for BEC crime groups the world over. The repercussions, and the harrowing losses, will be felt long after Work from Home mandates come to an end.

BEC is a big business. In a recent survey from JPMorgan, 75% of US companies reported suffering direct financial damage from such schemes in 2019. According to FBI statistics, that translated into more than $26 billion in business losses worldwide since 2016 — or $700 million each month.

How does BEC take place?

Spoofing an email account
An attacker begins a BEC attack by spoofing an email account. Attackers use slight variations on legitimate email addresses to trick victims into thinking fake accounts are authentic. For example, if we consider namg.lee@example.com to be an authentic email ID, a BEC attacker would change this email ID to name.lee@example.com.

Spearphishing emails
These emails pretend to come from legitimate business accounts and so easily deceive the receiver. Because the receivers believe the sender is a trusted source, they are easily manipulated and prone to divulging sensitive information. This gives the criminals access to the crucial data they need to carry out the BEC schemes.

Use of Malware
BEC attackers make extensive use of malicious software that can infiltrate company networks and access data about various financial dealings from legitimate email threads. This information is then used to time requests so that employees in the finance department don’t question the payment request. Attackers also use malware to gain undetected access to vital personal data such as passwords and financial account information.

The kind of threat BEC poses
In its “Abnormal Quarterly BEC Report Q1 2020”, Abnormal Security reports that BEC attacks are becoming increasingly sophisticated. Attackers are much more elaborate in how they pull off a BEC scheme. BEC attackers have also shifted their focus away from specific targets. Executives are now less likely to be impersonated than employees working in the finance department and those who work as external vendors. Cybercriminals have also shifted from targeting specific individuals to targeting groups. Though these attacks seem more generalized and any one message may well fail, targeting a group significantly increases the odds that at least one person will fall for the scam. As BEC attacks directed at a single person decreased, campaigns using paycheck fraud, which typically target individuals, also dropped, while attacks using invoice fraud increased as BEC campaigners started impersonating vendors, suppliers, or customers. Though BEC represents a small portion of all email attacks, according to the FBI it accounted for half of all cybercrime-related losses in 2019.

Prevention of BEC attacks
● Be cautious about the information you make public on the internet. The work of a BEC attacker is tougher if he has to engage longer to extract sensitive information.
● It is best not to click any links asking to update or verify account information.
● It is advisable to carefully examine the sender’s email address. BEC attackers use slight variations to trick their targets.
● Be cautious when downloading anything; it is best not to download attachments received from someone unknown.
● Enabling multi-factor authentication on any account that allows it is a way to secure email accounts.
● Keep an eye out for out-of-domain impersonation techniques, such as adding “s”, “int”, or “inc” to the end of a known domain to make it look legitimate.
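
The sender-address checks in the list above can be automated. The following Python is an added example, not code from the original article; the trusted-sender list, function names and sample addresses are constructed for illustration, and flagging on a one-character edit distance is an assumption.

```python
# Added example. TRUSTED_SENDERS and every sample address are constructed.
TRUSTED_SENDERS = ("namg.lee@example.com", "accounts@example.com")
LOOKALIKE_SUFFIXES = ("s", "int", "inc")  # suffix tricks listed in the article


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def split_domain(domain: str):
    """'example.com' -> ('example', 'com'). Naive: ignores multi-label TLDs."""
    name, _, tld = domain.rpartition(".")
    return name, tld


def classify_sender(address: str, trusted=TRUSTED_SENDERS) -> str:
    """Return 'trusted', a 'lookalike-...' verdict, or 'unknown'."""
    address = address.strip().lower()
    if address in trusted:
        return "trusted"
    local, _, domain = address.rpartition("@")
    name, tld = split_domain(domain)
    for known in trusted:
        k_local, _, k_domain = known.rpartition("@")
        k_name, k_tld = split_domain(k_domain)
        if domain == k_domain:
            # Same domain: one-character change to a known mailbox name.
            if edit_distance(local, k_local) == 1:
                return f"lookalike-local-part of {known}"
            continue
        # Known domain with "s", "int" or "inc" appended before the TLD.
        if tld == k_tld and any(name == k_name + s for s in LOOKALIKE_SUFFIXES):
            return f"lookalike-domain-suffix of {k_domain}"
        # Any other single-character change to the domain.
        if edit_distance(domain, k_domain) == 1:
            return f"lookalike-domain of {k_domain}"
    return "unknown"


if __name__ == "__main__":
    for sender in ("name.lee@example.com", "accounts@exampleinc.com"):
        print(sender, "->", classify_sender(sender))
```

A mail gateway rule or triage script could apply `classify_sender` to the From address of inbound payment-related mail and hold any `lookalike-...` verdict for manual review.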
Possible Solutions
Prime Infoserv has supported many organizations in preventing BEC through Email Threat Protection (ETP) solutions for name spoofing, targeted attacks, and deceptive email addresses. Evaluations are authorized through Office 365, and admin rights are required. Prime Infoserv does not access any of the credentials; the analysis runs in temporary storage, which is destroyed after the report is generated. This service does not require the deployment of any software or hardware, and the evaluation typically takes 1–5 days. The length of the process usually depends on the number of emails in the configured mailboxes. The evaluation process is free of cost, and there are email updates regarding each step of the process. The assessment focuses mainly on malicious attachments and URLs linked to phishing sites.

For more details, contact info@primeinfoserv.com.
