What Are BEC Attacks?
BEC Attacks Definition and Types. How to Stay Safe from BEC Attacks?
Business e-mail compromise, otherwise known as BEC, happens when an attacker hacks into a corporate e-mail account and impersonates its real owner, with the sole purpose of defrauding the company, its customers, partners and/or employees into sending money or sensitive data to an account the attacker controls.
Also known as the “man-in-the-email” attack, a BEC scam starts with a large amount of research: the attacker goes through publicly available information about the company, such as its website, press releases and social media content.
After finding the names and official titles of the company executives, the attacker will try to obtain access to the e-mail accounts of the influential people in the company. To remain undetected, he or she might create inbox rules or change the reply-to address, so that when the scam is executed the victim is not alerted.
That’s not the only trick attackers use when trying to access your data. Another is to register a spoofed look-alike domain that differs from the real one by a single added digit or letter and send e-mail from it; a recipient who does not notice the difference can easily become a victim.
After diligently researching corporate communications for some time, the attacker will develop a few scam scenarios that might work.
Types of business e-mail compromise
Research data released by the FBI shows that the following five are among the most prevalent types of BEC. A key identifier is that sample e-mail messages used in these scams often carried subject lines containing words such as request, payment, transfer and urgent.
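The inbox-rule and look-alike domain tricks described earlier, together with the subject-line keywords the FBI data highlights, can all be checked mechanically on inbound mail. The following is an added example written for this article, not code from Heimdal or any product: it parses raw e-mail messages and flags three BEC indicators (a Reply-To domain that differs from the From domain, a sender domain one edit away from a trusted domain, and urgency words in the subject). The trusted-domain list and the two sample messages are constructed for the demonstration.

```python
import email
from email import policy
from email.utils import parseaddr
from typing import List, Optional

# Constructed allow-list of the organisation's legitimate domains (assumption).
TRUSTED_DOMAINS = {"example-corp.com", "examplecorp-partners.com"}

# Subject words the article, citing FBI data, names as common in BEC lures.
URGENCY_WORDS = {"request", "payment", "transfer", "urgent"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance; used to catch domains one character away from a trusted one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(header_value: str) -> str:
    """Extract the lower-cased domain from a From/Reply-To header value."""
    _, address = parseaddr(header_value)
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def lookalike_domain(domain: str) -> Optional[str]:
    """Return the trusted domain that `domain` imitates, or None if it is trusted or unrelated."""
    if not domain or domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        if levenshtein(domain, trusted) == 1:
            return trusted
    return None


def bec_indicators(raw_message: str) -> List[str]:
    """Return a list of human-readable BEC indicators found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings: List[str] = []

    from_domain = domain_of(msg.get("From", ""))
    reply_domain = domain_of(msg.get("Reply-To", ""))

    # Indicator 1: replies silently redirected to a different domain.
    if reply_domain and reply_domain != from_domain:
        findings.append(f"reply-to domain {reply_domain} differs from sender domain {from_domain}")

    # Indicator 2: sender domain is a one-character variation of a trusted domain.
    imitated = lookalike_domain(from_domain)
    if imitated:
        findings.append(f"sender domain {from_domain} is one edit away from trusted {imitated}")

    # Indicator 3: urgency / payment vocabulary in the subject line.
    subject_words = {w.strip(":,.!").lower() for w in msg.get("Subject", "").split()}
    hits = sorted(subject_words & URGENCY_WORDS)
    if hits:
        findings.append("urgency keywords in subject: " + ", ".join(hits))

    return findings


# Constructed sample messages for the demonstration.
SAMPLE_LEGIT = (
    "From: CFO <cfo@example-corp.com>\n"
    "To: ap@example-corp.com\n"
    "Subject: Q3 budget review\n"
    "\n"
    "Please see the attached figures.\n"
)

SAMPLE_SUSPECT = (
    "From: CEO <ceo@example-c0rp.com>\n"
    "Reply-To: ceo@mail-example.net\n"
    "To: finance@example-corp.com\n"
    "Subject: Urgent wire transfer request\n"
    "\n"
    "Please process the payment today, I am in a meeting and cannot talk.\n"
)

if __name__ == "__main__":
    for label, sample in (("legit", SAMPLE_LEGIT), ("suspect", SAMPLE_SUSPECT)):
        print(label, bec_indicators(sample) or ["no indicators"])
```

Any one of these indicators alone is weak (partners legitimately use reply-to addresses, and "payment" appears in honest mail), so in practice the findings feed a score or a review queue rather than a hard block; the look-alike check in particular is what catches the "one digit or letter" domain trick, which humans reliably miss.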
The Bogus Invoice Scheme
Companies working with foreign suppliers are often targeted with this tactic. The attackers pretend to be a supplier and request that invoice payments be transferred to an account owned by the fraudsters.
CEO Fraud
After collecting the necessary data, attackers pose as the company CEO or another high-level executive and send an e-mail to employees in finance, requesting money transfers to an account they control.
Account Compromise
An executive’s or employee’s e-mail account is hacked and used to request invoice payments from vendors listed in their e-mail contacts. The payments are then sent to fraudulent bank accounts.
Attorney Impersonation
In some cases attackers pretend to be a lawyer, or someone from a law firm, who is supposedly in charge of crucial and confidential matters. These requests are usually made by e-mail or phone and timed for the end of the business day, when the victim is tired and less focused.
Data Theft
This type of scam usually targets employees in the HR and bookkeeping departments. They are targeted in order to obtain personally identifiable information (PII) or tax statements of employees and executives, data that can be used in future attacks.
How can you stay safe?
Before anything else, we need to understand the internal weaknesses that make business e-mail compromise attacks successful. Usually three main factors come into play: insufficient security protocols, social engineering and a lack of employee awareness.
To address these threats from a cybersecurity standpoint, you should implement multi-factor authentication as a default IT security policy. This helps prevent unauthorized access to e-mail accounts, especially when an attacker attempts to log in from a new location.
Having stronger security protocols is vital, but employee education is just as important. Employees should be trained to identify and avoid engaging with fraudulent e-mails, and to always be skeptical of urgent money transfer requests.