Faizel Patel – 04/06/2020

(Twitter: @FaizelPatel143)

Picture: CSO Online

Business Email Compromise (BEC) attacks are a sophisticated type of scam, targeting both businesses and individuals, which aim to transfer funds from victims’ bank accounts to criminals.

In its early days, BEC typically began with hacking or spoofing email accounts of CEOs or CFOs of businesses, and then requesting funds transfers to accounts controlled by the criminals.

Over the years, these attacks have grown in sophistication, mostly in the social engineering aspect of the attacks. Rather than targeting the companies directly, attacks now target customers, HR departments, suppliers, related accountants, and law firms, and even tax authorities.

In addition to directly generating or diverting currency transactions, BEC attacks have also been used to fraudulently purchase gift cards, divert tax returns, and even transfer millions of dollars’ worth of hardware and equipment into the control of cybercriminals.

What is behind a BEC attack?     

Let us look at the component parts of a basic BEC attack. An attacker typically constructs an email that impersonates a high-level executive of a company – either by hacking into the organization’s email system, or by designing a legitimate-looking fake – and sends it to an employee, requesting a transfer of money to a bank account under the attackers’ control. This is often done with the excuse of urgency or communication problems preventing the manager from communicating in alternative ways.

The three main ways of impersonation are:

1. Spoofing the source email address – as the basic SMTP protocol does not provide a sender validation mechanism, attackers can use either dedicated or publicly exposed SMTP servers to send emails with a spoofed sender address.
2. The attacker sends emails from the authentic email account of the impersonated victim by gaining control of their email account through phishing, credentials theft, or other means.
3. The attacker sends an email using a look-alike domain, which they register. In this case, the domain differs from the authentic address by a minor detail, such as sending an email from “example.co” rather than “example.com”.

So how can you improve your organization’s resilience to BEC attacks?  Here are our tips:

▪ Protect your email traffic with at least one layer of an advanced email security solution from a known vendor. Niche players and open-source solutions might even cause more damage than good.

▪ Protect mobile and endpoint browsing with advanced cyber security solutions, which prevent browsing to phishing web sites, whether known or unknown

▪ Use two-factor authentication to verify any change to account information or wire instructions.

▪ Continuously educate your end users:  whenever irreversible actions such as money transfers are conducted, details of the transaction must be verified in additional means such as voice communication and must not exclusively rely on information from email correspondence.

▪ Check the full email address on any message and be alert to hyperlinks that may contain misspellings of the actual domain name.

▪ Do not supply login credentials or personal information in response to a text or email.

▪ Follow Security Best Practices

▪ Regularly monitor financial accounts.

▪ Keep all software and systems up to date.