What is BEC?
BEC stands for Business Email Compromise. It means that a malicious actor has gained access to an email account. These attacks are typically the result of a credential being leaked on the dark web or a user falling for a phishing email and handing over their credentials. In years past these attacks were easy to spot: a malicious actor would gain access to an account and spam everyone in that user’s account. Today’s attacks are much more complex. Now when a malicious actor gains access to an account, they quite often do nothing at first. They monitor the emails and content in the account and wait until an opportune moment to perpetrate a scam. This may mean creating an email address for a contact that is a single letter off. So, if a user is working on a real estate transaction with firstname.lastname@example.org, the bad actor will create the address email@example.com. The malicious actor will copy Robert’s signature and at the same time create a rule on the user’s mailbox that redirects mail coming from the real Robert to the junk mail folder, so the user only sees emails coming from the fake Robert. I have seen many users fall for these types of attacks and lose large sums of money.
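The two tricks described above, a lookalike sender address and a mailbox rule that hides the real contact, can both be checked for from the defender's side. The following is an added example, not code from the original post or from any product it mentions; the contact, sender and rule data are constructed, and the rule fields (`from`, `action`) are an assumed shape for an exported rule list.

```python
"""Defender-side checks for the BEC pattern described above:
 1. inbound senders within one edit of a known contact (lookalike address)
 2. mailbox rules that send a known contact's mail to Junk or delete it
"""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert/delete/substitute) via the classic DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_senders(senders, contacts, max_dist=1):
    """Return (sender, contact) pairs where the sender is NOT the contact
    but is within max_dist edits of it (compared case-insensitively)."""
    hits = []
    for s in senders:
        for c in contacts:
            sl, cl = s.lower(), c.lower()
            if sl != cl and edit_distance(sl, cl) <= max_dist:
                hits.append((s, c))
    return hits


# Actions that hide a message from the user (assumed action names).
HIDING_ACTIONS = {"move_to_junk", "delete"}


def suspicious_rules(rules, contacts):
    """Flag rules whose sender condition matches a known contact and whose
    action diverts that contact's mail out of the inbox."""
    known = {c.lower() for c in contacts}
    return [r for r in rules
            if r.get("from", "").lower() in known and r.get("action") in HIDING_ACTIONS]


# Constructed sample data (not real addresses or rules).
CONTACTS = ["robert.smith@titleco-example.com"]
SENDERS = ["robert.smith@titleco-example.com",   # the real contact
           "rober.smith@titleco-example.com",    # one letter dropped
           "alice@other-example.org"]            # unrelated sender
RULES = [
    {"name": "Newsletter", "from": "news@vendor-example.com", "action": "move_to_folder"},
    {"name": "Rule 1", "from": "robert.smith@titleco-example.com", "action": "move_to_junk"},
]

if __name__ == "__main__":
    print("lookalike senders:", lookalike_senders(SENDERS, CONTACTS))
    print("suspicious rules:", [r["name"] for r in suspicious_rules(RULES, CONTACTS)])
```

Run the same two functions over a real contact list and an exported rule list to surface both the impersonating address and the rule that junks the real contact's mail.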
How can you protect your company?
Here are four ways we recommend you protect your company from these types of attacks:
- Cyber Security Awareness Training
Providing cyber security awareness training to your employees is a great way to stop these types of attacks. Users will be better able to spot phishing emails and avoid giving away their credentials.
- E-mail Protection Tools
There are many products available to help users spot phishing and impersonation attempts. We use a protection suite from Barracuda that lets users know if the person is a “first time sender” or an “external sender”. These classifications can help users spot impersonation attempts.
- Proper policies and procedures
Employees should have clear instructions on how to verify senders for financial transactions. We recommend that every company build some “analog” verification into any workflow involving financial transactions. The best method is using a phone call to the number on file to verify any changes in financial instructions.
- Account Login Monitoring
Do you know if a malicious actor has access to one of your accounts right now? A monitoring service, typically provided by a “SOC” (Security Operations Center), is a great tool to verify that every login to your accounts is from a verified location. These services can spot anomalies in login activity and lock down accounts before a compromise can take place.
Business E-mail Compromise (BEC) attacks are quickly becoming one of the largest threats to a company’s cyber security. We recommend all companies take the steps above to minimize this risk.