fbpx
CURRENTLY ON AIR ⇒
  • JUZ A DAY (Daily Qur'an) - Local and International Recitors
    Mon, 12:05 pm - 1:00 pm
    [ - ]

feedback@radioislam.org.za

Radio Islam Logo


((( Listen Live )))))
Radio Islam Logo


Business Email Compromise (BEC): Driving the Cyber-Crime Pandemic

 

Faizel Patel – 04/06/2020

(Twitter: @FaizelPatel143)

Picture: CSO Online

Business Email Compromise (BEC) attacks are a sophisticated type of scam, targeting both businesses and individuals, which aim to transfer funds from victims’ bank accounts to criminals.

In its early days, BEC typically began with hacking or spoofing email accounts of CEOs or CFOs of businesses, and then requesting funds transfers to accounts controlled by the criminals.

Over the years, these attacks have grown in sophistication, mostly in the social engineering aspect of the attacks. Rather than targeting the companies directly, attacks now target customers, HR departments, suppliers, related accountants, and law firms, and even tax authorities.

In addition to directly generating or diverting currency transactions, BEC attacks have also been used to fraudulently purchase gift cards, divert tax returns, and even transfer millions of dollars’ worth of hardware and equipment into the control of cybercriminals.

What is behind a BEC attack?     

Let us look at the component parts of a basic BEC attack. An attacker typically constructs an email that impersonates a high-level executive of a company – either by hacking into the organization’s email system, or by designing a legitimate-looking fake – and sends it to an employee, requesting a transfer of money to a bank account under the attackers’ control. This is often done with the excuse of urgency or communication problems preventing the manager from communicating in alternative ways.

The three main ways of impersonation are:

  1. Spoofing the source email address – as the basic SMTP protocol does not provide a sender validation mechanism, attackers can use either dedicated or publicly exposed SMTP servers to send emails with a spoofed sender address.
  2. The attacker sends emails from the authentic email account of the impersonated victim by gaining control of their email account through phishing, credentials theft, or other means.
  3. The attacker sends an email using a look-alike domain, which they register. In this case, the domain differs from the authentic address by a minor detail, such as sending an email from “example.co” rather than “example.com”.

So how can you improve your organization’s resilience to BEC attacks?  Here are our tips:

▪ Protect your email traffic with at least one layer of an advanced email security solution from a known vendor. Niche players and open-source solutions might even cause more damage than good.

▪ Protect mobile and endpoint browsing with advanced cyber security solutions, which prevent browsing to phishing web sites, whether known or unknown

▪ Use two-factor authentication to verify any change to account information or wire instructions.

▪ Continuously educate your end users:  whenever irreversible actions such as money transfers are conducted, details of the transaction must be verified in additional means such as voice communication and must not exclusively rely on information from email correspondence.

▪ Check the full email address on any message and be alert to hyperlinks that may contain misspellings of the actual domain name.

▪ Do not supply login credentials or personal information in response to a text or email.

▪ Follow Security Best Practices

▪ Regularly monitor financial accounts.

▪ Keep all software and systems up to date.

ADVERTISE HERE

Prime Spot!!!

Contact:
advertisingadmin@radioislam.co.za 

Related Articles

Protests erupt across China over zero-Covid policy

Protests erupt across China over zero-Covid policy

Neelam Rahim | neelam@radioislam.co.za 2 min read 04 December 2022 | 4:03 pm CAT A protest against China's strict pandemic controls broke out in Shanghai and other big cities, as well as University campuses, over the weekend. In a significant attestation of the...

read more
Global survey shows shrinking trust in internet

Global survey shows shrinking trust in internet

Neelam Rahim | neelam@radioislam.co.za 2 min read 03 December 2022 | 5:15 pm CAT An international survey has revealed that Internet users’ trust in the Internet has dropped significantly since 2019. This was one of the critical findings of a 20-country Ipsos survey...

read more
Opposition Parties call for Ramaphosa’s impeachment

Opposition Parties call for Ramaphosa’s impeachment

Neelam Rahim | neelam@radioislam.co.za 2 min read 03 December 2022 | 4:44 pm CAT The country is facing a crisis after the damning report released by the independent panel into the Phala Phala saga stated that President Cyril Ramaphosa had a case to answer. The...

read more

Subscribe to our Newsletter

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *