In today’s digital age, businesses have become increasingly reliant on email communication. It supports various purposes including conducting transactions, sharing sensitive information, and collaborating with partners and clients. While email has helped revolutionize the way we work, it has also given rise to new forms of cyber threats. Among the most common are Business Email Compromise (BEC) attacks, which pose significant risks to organizations of all sizes. In this article, we will explore what Business Email Compromise is, its various forms, and how businesses can protect themselves against this growing cybersecurity threat.
What is Business Email Compromise?
Business Email Compromise, often referred to as BEC, is a sophisticated form of cybercrime that involves attackers impersonating trusted individuals, high-ranking executives, or someone in a position of authority. The attackers use carefully crafted emails to deceive employees, executives, or vendors into taking specific actions that can result in financial losses, data breaches, or reputational damage. BEC attacks are designed to appear legitimate, making them highly effective and difficult to detect. The goal is to have employees divulge sensitive information, make unauthorized wire transfers, or share confidential data.
Methods Used by Cybercriminals
BEC attacks can take various forms, but they all share a common goal: financial gain for the attacker. Here are some common methods employed by cybercriminals in BEC attacks:
- Email Account Compromise (EAC): In an EAC attack, cybercriminals gain unauthorized access to an employee’s email account. They may do this through phishing emails, credential theft, or other methods. Once inside, attackers monitor email traffic and learn about ongoing transactions, contracts, or business relationships. They then use this information to create convincing fraudulent emails.
- Impersonation: Cybercriminals often impersonate CEOs, CFOs, or other high-ranking executives to create a sense of urgency and authority, because employees and vendors are more likely to comply with requests from senior leaders. The attackers send emails requesting wire transfers or sensitive financial information. The emails appear legitimate and often create a sense of urgency so that the recipient skips verifying the request’s authenticity.
- Vendor Email Compromise: In this variation, attackers compromise a vendor’s email account and use it to send fake invoices or payment requests to the target organization. These requests appear genuine, leading to unauthorized payments.
- Spoofing: Attackers use tactics to make their email addresses and domain names look nearly identical to those of the targeted organization. This makes it difficult for employees to spot the fraudulent emails.
- Attorney Impersonation: Cybercriminals posing as lawyers or legal representatives target businesses with legal matters. They send fraudulent emails demanding immediate payments or sensitive information related to ongoing legal issues.
The Impact of BEC Attacks
BEC attacks can have devastating consequences for organizations. These attacks can often result in:
- Financial losses
- Damage to reputation
- Legal consequences
- Operational disruption
- Loss of sensitive information
- A rise in insurance premiums
- Trust issues with business relationships
Cybercrime as a Service
Cybercrime itself has grown into a business, and threat actors develop companies with business models built around supplying phishing kits that can be operated by cybercriminals of all technical skill levels. One such company, known as W3LL, serves a community of at least 500 cybercriminals, providing custom phishing tools used in business email compromise (BEC) attacks that caused millions of U.S. dollars in financial losses. The company’s popularity and business started to grow when it began selling a custom phishing kit focused on Microsoft 365 corporate accounts.
The W3LL Store promotes and sells its tools to a closed community of cybercriminals, providing malicious link stagers, vulnerability scanners, automated account discovery utilities, and email validators. Solutions are supplied for deploying a BEC attack from the initial stage of picking victims, to phishing lures with weaponized attachments (default or customized), to launching phishing emails that land in the victims’ inboxes.
They have also developed techniques to bypass email filters and security agents and to evade detection. One way is to embed phishing links in attachments instead of the body of the email. When launched by the victim, the attached file, disguised as a document or voice message, opens a browser window with a genuine-looking MS Outlook page ready to collect Microsoft 365 account credentials.
Preventing Business Email Compromise
As mentioned above, some BEC attacks have ways to bypass detection, so the best way to prevent them is a layered and multi-faceted approach that includes both technological solutions and employee training. When combined, the following measures are helpful:
- Employee Training: Regularly educate employees about BEC threats, social engineering tactics, and the importance of verifying email requests for financial transactions.
- Email Authentication: Implement email authentication protocols like DMARC, SPF, and DKIM to help identify and block email spoofing.
- Two-Factor Authentication (2FA): Enable 2FA on email and other critical accounts to provide an additional layer of security.
- Email Filtering: Utilize advanced email filtering solutions that can detect and block suspicious emails, including phishing attempts.
- Strict Verification: Always verify email requests for financial transactions or sensitive data sharing through a secondary communication channel, such as a phone call.
- Security Software: Invest in robust antivirus, anti-malware, email analyzing, and intrusion detection systems to detect and prevent BEC attacks.
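The spoofing method and the email authentication measure described above can be combined into one inbound check. The following is an added example, not code from this article's author: it flags sender domains that nearly match the organization's own, reads SPF/DKIM/DMARC verdicts only from the receiving server's own Authentication-Results header, and notes a Reply-To that points elsewhere. The domain `example.com`, the server name `mx.example.com`, and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAINS = {"example.com"}    # assumption: the organization's own domain(s)
TRUSTED_AUTHSERV = "mx.example.com"  # assumption: authserv-id stamped by our own MTA

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def auth_results(msg):
    """SPF/DKIM/DMARC verdicts from Authentication-Results headers we trust."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        if header.split(";", 1)[0].strip().lower() != TRUSTED_AUTHSERV:
            continue  # a sender can forge this header; only our MTA's copy counts
        for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            verdicts[mech.lower()] = result.lower()
    return verdicts

def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def triage(raw):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    findings = []
    sender, reply = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if sender not in TRUSTED_DOMAINS and any(
            edit_distance(sender, own) <= 2 for own in TRUSTED_DOMAINS):
        findings.append(f"lookalike-domain:{sender}")
    verdicts = auth_results(msg)
    for mech in ("spf", "dkim", "dmarc"):
        if verdicts.get(mech) != "pass":
            findings.append(f"{mech}:{verdicts.get(mech, 'missing')}")
    if reply and reply != sender:
        findings.append(f"reply-to-mismatch:{reply}")
    return findings

# Constructed sample messages (not real traffic).
LOOKALIKE = ("From: Jane Doe <jane@examp1e.com>\nReply-To: jane@examp1e.com\n"
             "Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass\n\nPay invoice")
SPOOFED = ("From: Jane Doe <jane@example.com>\nReply-To: pay@mailbox.test\n"
           "Authentication-Results: mx.example.com; spf=fail; dkim=none; dmarc=fail\n\nWire today")
```

The `LOOKALIKE` sample passes all three authentication checks because the sender controls the near-identical domain, which is why the domain comparison is needed alongside DMARC, SPF, and DKIM.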
BEC is a persistent and evolving cyber threat that continues to pose a significant risk to organizations of all sizes and industries. Understanding the various forms of these attacks and implementing proactive cybersecurity measures is crucial for safeguarding your business. CatchMark Technologies has the expertise to help defend against BEC attacks and can assist with implementing the measures mentioned above. Our Cybersecurity and Technology teams assist businesses by providing cybersecurity training and awareness, technological safeguards, and protocols that prioritize email security. We help companies take a proactive approach to battling cybercrime, protecting financial assets, and preserving sensitive data.