{"id":32156,"date":"2020-06-04T13:13:11","date_gmt":"2020-06-04T11:13:11","guid":{"rendered":"https:\/\/www.radioislam.org.za\/a\/?p=32156"},"modified":"2020-06-04T13:13:11","modified_gmt":"2020-06-04T11:13:11","slug":"business-email-compromise-bec-driving-the-cyber-crime-pandemic","status":"publish","type":"post","link":"https:\/\/radioislam.org.za\/a\/business-email-compromise-bec-driving-the-cyber-crime-pandemic\/","title":{"rendered":"Business Email Compromise (BEC): Driving the Cyber-Crime Pandemic"},"content":{"rendered":"<p>&nbsp;<\/p>\n<p><strong><em>Faizel Patel \u2013 04\/06\/2020<\/em><\/strong><\/p>\n<p><strong><em>(<a href=\"https:\/\/twitter.com\/FaizelPatel143\" rel=\"alternate\">Twitter: @FaizelPatel143<\/a>)<\/em><\/strong><\/p>\n<div id=\"attachment_32157\" style=\"width: 270px\" class=\"wp-caption aligncenter\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-32157\" data-attachment-id=\"32157\" data-permalink=\"https:\/\/radioislam.org.za\/a\/business-email-compromise-bec-driving-the-cyber-crime-pandemic\/business-email\/\" data-orig-file=\"https:\/\/i0.wp.com\/radioislam.org.za\/a\/wp-content\/uploads\/2020\/06\/Business-Email.jpg?fit=275%2C183&amp;ssl=1\" data-orig-size=\"275,183\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Business Email\" data-image-description=\"\" data-image-caption=\"\" data-large-file=\"https:\/\/i0.wp.com\/radioislam.org.za\/a\/wp-content\/uploads\/2020\/06\/Business-Email.jpg?fit=275%2C183&amp;ssl=1\" class=\"wp-image-32157 \" 
src=\"https:\/\/i0.wp.com\/radioislam.org.za\/a\/wp-content\/uploads\/2020\/06\/Business-Email.jpg?resize=260%2C173&#038;ssl=1\" alt=\"\" width=\"260\" height=\"173\" \/><p id=\"caption-attachment-32157\" class=\"wp-caption-text\">Picture: CSO Online<\/p><\/div>\n<p>Business Email Compromise (BEC) attacks are a sophisticated type of scam, targeting both businesses and individuals, which aim to transfer funds from victims\u2019 bank accounts to criminals.<\/p>\n<p>In its early days, BEC typically began with hacking or spoofing email accounts of CEOs or CFOs of businesses, and then requesting funds transfers to accounts controlled by the criminals.<\/p>\n<p>Over the years, these attacks have grown in sophistication, mostly in the social engineering aspect of the attacks. Rather than targeting the companies directly, attacks now target customers, HR departments, suppliers, related accountants and law firms, and even tax authorities.<\/p>\n<p>In addition to directly generating or diverting currency transactions, BEC attacks have also been used to fraudulently purchase gift cards, divert tax returns, and even transfer millions of dollars\u2019 worth of hardware and equipment into the control of cybercriminals.<\/p>\n<p><strong>What is behind a BEC attack?<\/strong><\/p>\n<p>Let us look at the component parts of a basic BEC attack. An attacker typically constructs an email that impersonates a high-level executive of a company \u2013 either by hacking into the organization\u2019s email system, or by designing a legitimate-looking fake \u2013 and sends it to an employee, requesting a transfer of money to a bank account under the attacker\u2019s control. 
This is often done with the excuse of urgency or communication problems preventing the manager from communicating in alternative ways.<\/p>\n<p><strong>The three main ways of impersonation are:<\/strong><\/p>\n<ol>\n<li>Spoofing the source email address &#8211; as the basic SMTP protocol does not provide a sender validation mechanism, attackers can use either dedicated or publicly exposed SMTP servers to send emails with a spoofed sender address.<\/li>\n<li>The attacker sends emails from the authentic email account of the impersonated victim by gaining control of their email account through phishing, credential theft, or other means.<\/li>\n<li>The attacker sends an email using a look-alike domain, which they register. In this case, the domain differs from the authentic address by a minor detail, such as sending an email from \u201cexample.co\u201d rather than \u201cexample.com\u201d.<\/li>\n<\/ol>\n<p><strong>So how can you improve your organization\u2019s resilience to BEC attacks? Here are our tips:<\/strong><\/p>\n<p>\u25aa Protect your email traffic with at least one layer of an advanced email security solution from a known vendor. 
Niche players and open-source solutions might even do more harm than good.<\/p>\n<p>\u25aa Protect mobile and endpoint browsing with advanced cyber security solutions, which prevent browsing to phishing web sites, whether known or unknown.<\/p>\n<p>\u25aa Use two-factor authentication to verify any change to account information or wire instructions.<\/p>\n<p>\u25aa Continuously educate your end users: whenever irreversible actions such as money transfers are conducted, details of the transaction must be verified by additional means such as voice communication, and the verification must not rely exclusively on information from email correspondence.<\/p>\n<p>\u25aa Check the full email address on any message and be alert to hyperlinks that may contain misspellings of the actual domain name.<\/p>\n<p>\u25aa Do not supply login credentials or personal information in response to a text or email.<\/p>\n<p>\u25aa Follow security best practices.<\/p>\n<p>\u25aa Regularly monitor financial accounts.<\/p>\n<p>\u25aa Keep all software and systems up to date.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&nbsp; Faizel Patel \u2013 04\/06\/2020 (Twitter: @FaizelPatel143) Business Email Compromise (BEC) attacks are a sophisticated type of scam, targeting both businesses and individuals, which aim to transfer funds from victims\u2019 bank accounts to criminals. 
In its early days, BEC typically began with hacking or spoofing email accounts of CEOs or CFOs of businesses, and then [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":32157,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[28,226],"tags":[5326],"class_list":["post-32156","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-latest-news","category-tech-reviews","tag-technology-cybercrime-businessemailcompromise"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/radioislam.org.za\/a\/wp-content\/uploads\/2020\/06\/Business-Email.jpg?fit=275%2C183&ssl=1","jetpack_sharing_enabled":true,"jetpack-related-posts":[],"jetpack_shortlink":"https:\/\/wp.me\/pc0QIf-8mE","jetpack_likes_enabled":true,"publishpress_future_action":{"enabled":false,"date":"2026-05-01 
09:46:09","action":"change-status","newStatus":"draft","terms":[],"taxonomy":"category","extraData":[]},"publishpress_future_workflow_manual_trigger":{"enabledWorkflows":[]},"_links":{"self":[{"href":"https:\/\/radioislam.org.za\/a\/wp-json\/wp\/v2\/posts\/32156","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/radioislam.org.za\/a\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/radioislam.org.za\/a\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/radioislam.org.za\/a\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/radioislam.org.za\/a\/wp-json\/wp\/v2\/comments?post=32156"}],"version-history":[{"count":0,"href":"https:\/\/radioislam.org.za\/a\/wp-json\/wp\/v2\/posts\/32156\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/radioislam.org.za\/a\/wp-json\/wp\/v2\/media\/32157"}],"wp:attachment":[{"href":"https:\/\/radioislam.org.za\/a\/wp-json\/wp\/v2\/media?parent=32156"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/radioislam.org.za\/a\/wp-json\/wp\/v2\/categories?post=32156"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/radioislam.org.za\/a\/wp-json\/wp\/v2\/tags?post=32156"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}