fbpx
CURRENTLY ON AIR ⇒
  • Highlights of the Days Programmes
    Mon, 10:05 pm - 4:00 am
    [ - ]

feedback@radioislam.org.za

Radio Islam Logo


((( Listen Live )))))
Radio Islam Logo


Business Email Compromise (BEC): Driving the Cyber-Crime Pandemic

Jun 04, 2020

 

Faizel Patel – 04/06/2020

(Twitter: @FaizelPatel143)

Picture: CSO Online

Business Email Compromise (BEC) attacks are a sophisticated type of scam, targeting both businesses and individuals, which aim to transfer funds from victims’ bank accounts to criminals.

In its early days, BEC typically began with hacking or spoofing email accounts of CEOs or CFOs of businesses, and then requesting funds transfers to accounts controlled by the criminals.

Over the years, these attacks have grown in sophistication, mostly in the social engineering aspect of the attacks. Rather than targeting the companies directly, attacks now target customers, HR departments, suppliers, related accountants, and law firms, and even tax authorities.

In addition to directly generating or diverting currency transactions, BEC attacks have also been used to fraudulently purchase gift cards, divert tax returns, and even transfer millions of dollars’ worth of hardware and equipment into the control of cybercriminals.

What is behind a BEC attack?     

Let us look at the component parts of a basic BEC attack. An attacker typically constructs an email that impersonates a high-level executive of a company – either by hacking into the organization’s email system, or by designing a legitimate-looking fake – and sends it to an employee, requesting a transfer of money to a bank account under the attackers’ control. This is often done with the excuse of urgency or communication problems preventing the manager from communicating in alternative ways.

The three main ways of impersonation are:

  1. Spoofing the source email address – as the basic SMTP protocol does not provide a sender validation mechanism, attackers can use either dedicated or publicly exposed SMTP servers to send emails with a spoofed sender address.
  2. The attacker sends emails from the authentic email account of the impersonated victim by gaining control of their email account through phishing, credentials theft, or other means.
  3. The attacker sends an email using a look-alike domain, which they register. In this case, the domain differs from the authentic address by a minor detail, such as sending an email from “example.co” rather than “example.com”.

So how can you improve your organization’s resilience to BEC attacks?  Here are our tips:

▪ Protect your email traffic with at least one layer of an advanced email security solution from a known vendor. Niche players and open-source solutions might even cause more damage than good.

▪ Protect mobile and endpoint browsing with advanced cyber security solutions, which prevent browsing to phishing web sites, whether known or unknown

▪ Use two-factor authentication to verify any change to account information or wire instructions.

▪ Continuously educate your end users:  whenever irreversible actions such as money transfers are conducted, details of the transaction must be verified in additional means such as voice communication and must not exclusively rely on information from email correspondence.

▪ Check the full email address on any message and be alert to hyperlinks that may contain misspellings of the actual domain name.

▪ Do not supply login credentials or personal information in response to a text or email.

▪ Follow Security Best Practices

▪ Regularly monitor financial accounts.

▪ Keep all software and systems up to date.

ADVERTISE HERE

Prime Spot!!!

Contact:
advertisingadmin@radioislam.co.za 

Related Articles

Sudan: Military Grabs Power

Sudan: Military Grabs Power

Umm Muhammed Umar In Sudan, the prime minister, Abdalla Hamdok, and his cabinet have been arrested and the government dissolved, in the African continent’s latest 'coup'. The BBC reports that aside from political tensions, Sudan's economy has been in a deep crisis....

read more
Bank Robbery Foiled in Lenasia

Bank Robbery Foiled in Lenasia

  Umm Muhammed Umar Two suspects were in police custody after attempting to rob a branch of FNB in Lenasia last Monday, October 18. According to the Sowetanlive, four would be bank robbers, brandishing firearms, demanded cash from staff at the bank. A customer,...

read more
Compromise reached in steel sector

Compromise reached in steel sector

By Staff Reporter 25:10:2021 On Thursday, the National Union of Metalworkers of South Africa (NUMSA) ended its 3-week-long strike in the metal and steel sector, which bled hundreds of millions and cost organised labour R200-million. Around 170 thousand workers,...

read more
Cele: Missing Moti Brothers Case Close to Being Solved

Cele: Missing Moti Brothers Case Close to Being Solved

By Naadiya Adams With less than a week to the local government polls, political parties are heavy on the campaign trail to secure votes across provinces. The ruling party has been working hard on the ground to connect with voters and promise a better standard of...

read more

Subscribe to our Newsletter

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *