Business Email Compromise

What is Business Email Compromise?

A business email compromise (BEC) scam tactics is a cyberattack where the hacker targets your business or your customer to gain access to your corporate data, steal personal or business credentials, and harass employees through scamming. Also known as email account compromise (EAC) or a Man-in-the-Middle attack, BEC scam tactics is one of the most financially devastating forms of online cybersecurity fraud. It takes advantage of people’s reliance on email to conduct business and, in some cases, a lack of proper security controls.

A cybercriminal designs an email account similar to the firm they are targeting. They use this bogus account to trick employees into giving up their system or personal credentials to access and transfer sensitive information files. Attackers use those stolen credentials to break into the network and transfer stolen sensitive information and embed malware.

New business email compromise (BEC) emails powered by artificial intelligence (AI) are growing worldwide, challenging people's trust in legacy solutions and products. It has become a pervasive problem that targets enterprises of all sizes and industries. News reports, including those featured onCNN.com, report businesses have lost billions of dollars because of BEC AI events bypassing legacy products and trick their victims. BEC AI attackers often target executives who handle their company’s finances, duping them into routing a wire transfer into bank accounts the victim believes legitimate.

Yet all the money goes to the criminal, the “man in the middle.”

What is the best way to access additional information and insights center around how to stop new BEC cybersecurity attacks and other cyber events while protecting your customer and employees?

Click here today to see how Trustifi email security services can help prevent business email compromise attacks. You can also request a demonstration of this market-leading platform with this link.

How Do New BEC Attacks Work?

Like other targeted emails resulting in scams, business email compromise attacks begin with information gathering, research including internet news about their victim, and, eventually, access to organization data through social engineering and email phishing. The cybercriminal first chooses a firm to target, then looks for helpful information and valuable insights on the company’s website or LinkedIn page, including past security breaches. The attackers compile a list of the company’s employees and discover positions and designations from this publicly available information. Then, the hacker will create phishing emails comprised of well-crafted content, including a request for the victim to change their password.

The attackers learn the pattern of the employee’s email account and then selects a target to carry out their scams. They forge emails with the address of an employee at the executive level. The thief might masquerade as the CEO, CFO, or another C-level person within the organization. The cybercriminal requests in the message that certain activities be performed, such as conducting transactions, updating bank details for future payments, or altering payroll information.

Unlike other cyber threats and security attacks, business email compromise or BEC scams do not include malicious email attachments or links that a cyber threat defense can detect automatically. Instead, BEC attacks are a type that uses impersonation or other social engineering methods to access victims and divulge organization information that can be used against the business. Yet, most employees rarely report a suspicious BEC attempts because most email messages look realistic and often bypass security architectures and legacy products. Employees trust most emails at face value and rely on the businesses cybersecurity defensive tools.

What Does Business Email Compromise Look Like?

BEC is a social engineering scam embeds reconizable insights inside of email messages. BEC scams disguise itself as a trusted entity making it difficult to defend against. The victim receives an email from a seemingly trustworthy source and considers the content legitimate. The source appears to be a colleague, a senior executive, a vendor, or the company’s owner. Hackers may simply concoct a fake email account similar to the one the impersonated person. These attacks work because of the effectiveness of these fake accounts.

If they are lucky (or sufficiently devious), the hacker may intercept actual emails from an organization executive to use as a template. The latter approach, known as clone phishing, is more dangerous to detect and prevent even with the most advanced email security solutions.

To breach a target, a hacker emails pretending to be from a familiar source of trust and makes a legitimate query. Embedded within the phishing content also contains a request for payment of a false invoice and other demands.

Here are a few examples of these BEC attacks:

• An impersonated product supplier sends a message explaining that they have an updated email account and demands payment for an invoice.
• A bogus title firm emails a home buyer explaining how to send the down payment. Most often, the buyer trusts the message because they expect these instructions.
• A phony CEO sends a message to the company’s finance department and asks them to wire funds to the provided bank account.

The above scams are actual scenario attacks that have happened to real victims. All these emails were frauds, and each case cost the victim hundreds or thousands of dollars.

Signs of a Business Email Compromise Attempt

While BEC security attacks will differ depending on the intended victim and the hacker’s preferred technique, a few elements are common to most methods, and you should be on the lookout for them when dealing with emails. Organizations can prevent these attacks by enabling advanced email security services powered by artificial intelligence from providers like Trustifi.

BEC Attack 1: Suspicious Emails from High-Level Management

Using C-level executives’ email addresses to interact with the target gives attackers an edge in gaining psychological control over the victim. For example, hackers learn firms mandate employees urgent demands or orders from senior executives that fall outside normal business processes, especially those concerning the organization’s finances or confidential information. This intimidation or sense of urgency is part of a BEC attack script. Compromised email accounts also become a tool for hackers to send threatening messages to employees.

BEC Attack 2: Unfamiliar Tone of Voice

Recognizing an odd tone or form of speech or wrong syntax is a common way to detect suspicious scams through email. For instance, if a supposed coworker addresses you as “Dear Sir” in emails, and that form of address is not the norm, the email is probably a fraud. As another example, if emails are full of typos and the alleged sender typically sends perfectly typed emails, you are likely dealing with a hacker on the other end.

BEC Attack 3: Pressure to Ignore the Firms’ Standard Procedures

Companies often implement strict security procedures when handling large financial transactions. Employees should look for requests to ignore the standard security transaction methods, regardless of who makes the request. Employees should report any business transaction requests from social media to their fraud department or their technology outsourced partner.

How to Stay Protected Against BEC Attack?

While no guarantee exists that new BEC AI scams will not victimize your employees, you can take measures to reduce the risk of your corporate information becoming stolen or manipulated. Recognize social engineering scams, fraudulent email accounts, and unauthorized demands as hallmarks of a BEC security attack. Sound email security protection capabilities are a solid way to prevent BEC scams from becoming successful.

BEC Safeguard 1: Two-Factor Authentication

Two-factor authentication security (TFA) services are a terrific way to secure your employees’ accounts from these scams and prevent a BEC AI attack. It increases protection against hackers by requiring users to authenticate themselves with something other than a password. Often, TFA involves the user’s cell phone. After the user enters their account password, the system sends a one-time passcode to the registered cell phone number. Even if the hacker has stolen a C-level executive’s password, they cannot break into the system unless they possess the executive’s phone.

BEC Safeguard 2: Regularly Monitor Your Security

Your security team should constantly monitor your IT network for potential vulnerabilities even if the environment is managed by an outsourced partner. Organizations should also regularly check with their employee community and tell them to take precautions when interacting with the firms’ email. These teams also encourage their user community to report any suspicious emails to help prevent BEC scams. This two-way communication between security operations and the user community is an excellent way to protect and support the organization.

BEC Safeguard 3: Conduct Realistic Attack Simulations

Simulating a BEC attack is an excellent way to see how your workers react to an actual attack. It can also help you determine if the security system is weak and which employees need more training. The information gathered from attack simulations becomes incredibly useful when deciding which employees need additional security awareness training to help identify BEC scams early. Attack simulation is a great way to protect contractors and business partners who access corporate information.

How Does Trustifi’s Inbound Shield Protect You from a BEC Attack?

Trustifi provides response through advanced solutions and services to protect against BEC cyber threats to an organization’s email system. Trustifi features the Inbound Shield, an email security filter to help secure users' messages. As soon as Trustifi’s Inbound Shield is deployed to your company’s email system, sophisticated AI software scans every email your server receives. Inbound Shield places each incoming email in a sandbox, and its multi-layered detection scans the email thoroughly, including the sender, subject, content, links, and attachments. An email must pass all tests at each layer to be deemed safe.

The email will rely on 3 parts to scan every message and has a unique and advanced approach for each part.

Trustifi BEC Services Safeguard 1: Email Content and Headers

• AI detects and classifies BEC, VEC, Spam, and GRAY sent from attackers.
• Header analysis detects spoofing and impersonation techniques used by attackers.

Trustifi BEC Security Safeguard 2: Links – Advanced Methods to Catch the Most Sophisticated Phishing Sites

• Deep analysis based on content, metadata, and domain reputation
• Proprietary method to catch zero-day phishing sites

Trustifi BEC Security Safeguard 3: Files – Deep Scanning

• Detects and neutralizes sent links inside files
• Searches zipped and archived files for malicious text and information
• Sandboxes all messages until they are determined safe
• Seeks Trojans, viruses, and malware contained in email attachments