All About Business Email Compromise

This week, we’re going to explain what Business Email Compromise (BEC) is and what you can do to help prevent it.

First of all, what is Business Email Compromise (BEC)?

Business email compromise (BEC) occurs when a criminal gains access to, or impersonates, a work email account in order to trick someone into transferring money, or to steal valuable (or sensitive) data.

What happens in a BEC attack?

In a typical BEC attack, the victim (who believes they are responding to a legitimate request) is coerced into transferring money into an account controlled by the criminal. For this reason, BEC attacks are often directed at senior staff, or those who can authorise financial transactions.

BEC is usually conducted through a targeted phishing email. Unlike standard phishing emails (which are sent indiscriminately to millions of users), BEC emails are tailored to specific individuals within an organisation. The email might impersonate someone the victim already corresponds with regularly, or even include the text of an existing email thread, so the victim believes they are dealing with legitimate correspondence.

Since these phishing emails often target a ‘big fish’ (often a board member or an employee with access to valuable assets), this type of cyber attack is also known as “whaling.”

How do these emails get through to our system?

Since BEC emails are normally sent in low volume, standard email filters (designed to identify ‘scam emails’) may struggle to detect them, especially if they come from a legitimate email account that has already been hacked. Alternatively, a BEC email may have been sent from a ‘spoofed’ domain, designed to trick users into believing they are dealing with a legitimate organisation. Some BEC emails may also carry malicious attachments disguised as invoices, which execute when opened.

For all these reasons, BEC is a threat to organisations of all sizes and across all sectors. The National Cyber Security Centre (NCSC) has published a number of reports which show that, following the pandemic, there has been a rise in BEC attacks (find the report here). This is because more staff are now working from home, often using their own equipment, which makes it harder for organisations to manage devices and protect them from these kinds of attack.

What can we do to help stop BEC?

  • Set up multifactor authentication (MFA) – one of the simplest things you can do. Ensure all of your staff have MFA set up on their accounts. You can read our post All About Multifactor Authentication on our website.
  • Review your digital footprint – if there is information online about your company’s senior staff on your company website and social media, criminals can use it to make their phishing emails look more convincing. Make sure all your staff review their privacy settings on these sites and, in particular, use multifactor authentication.
  • Help staff to detect phishing emails – spotting a phishing email can be tricky, but being able to spot red flags and ask “is this a genuine email?” can be the difference between staying safe and falling victim to a cyberattack. Read our post How to Defend your Organisation from Phishing Attacks on our website.
  • Review authorisation privileges – check who in your organisation can authorise payments, or has access to valuable information. Not everyone in your organisation should be able to make high-value payments. Regularly review these and revoke privileges if no longer needed.
  • Double-check and check again! – ensure that all ‘important’ email requests are verified using another method (such as text message, a phone call, logging into an account, or confirmation by post or in-person). For example, you should establish a robust process for verifying any changes to payment instructions, payments to a new supplier, or unusually high transactions. Never rely solely on contact details provided in an email.
  • Consider DMARC – Domain-based Message Authentication, Reporting and Conformance (DMARC) is a great tool which stops attackers from spoofing your domain and making their emails look like they come from inside your organisation. You can read more about DMARC on our website.
  • Use Huntress Managed Detection and Response for Microsoft 365 – this is a fully managed identity threat detection and response (ITDR) solution which can safeguard against inbound threats before they compromise your business operations.

You can read more about keeping your emails secure on our website in our news item All about Email Security.

To find out more about how to keep your systems secure and help prevent BEC, get in touch with our Sales Team.
