BEC attacks are hard to detect because they typically carry no malware or malicious URLs for standard defenses to analyze. Because they are targeted and rely on social engineering, finding and eliminating them by hand is complex and time-consuming. A BEC attack usually starts with email spoofing, or with a mailbox the attacker has already compromised: the attacker impersonates one of your company's executives, the CEO, or a supplier and then requests a seemingly legitimate business payment. The email looks authentic and appears to come from a well-known authority figure, so the employee completes the transaction as if nothing were wrong. Typically the fraudster asks for a wire transfer or a check, citing special circumstances.
How to prevent business email compromise attacks?
Some BEC attacks involve malware, but most rely on social engineering techniques against which antivirus, spam filters, and email whitelisting are useless. One of the most effective things you can do is educate employees and implement internal prevention procedures, especially for the employees most likely to receive the initial phishing attempts, such as the finance department.
[Image: Example of a BEC fraud message sent by a cybercriminal pretending to be the CEO to the finance department]
Here are some self-defense strategies that can help you mitigate attacks and protect your organization:
1. Enable multi-factor authentication (MFA) for business email accounts. MFA requires more than one proof of identity at login, such as a password plus a one-time code, an authenticator prompt, or biometric data. With MFA in place, a stolen password alone is not enough for a criminal to get into an employee's mailbox, which removes one common starting point for a BEC attack.
2. Treat email from unknown senders with suspicion. Do not click links or open attachments in such messages; they often carry malware that gives the attacker a foothold on your systems.
3. Protect your domain. Domain spoofing uses subtle changes to legitimate email addresses to trick BEC victims. Defensively registering domain names similar to yours (common typos, alternative top-level domains) goes a long way toward denying attackers the lookalike domains that many successful attacks are built on.
4. Double-check the sender's email address. A fake address often differs from the legitimate one by a single character or an extra symbol. For example, the scam [email protected]_company.com instead of the legitimate [email protected]
5. Always verify where you are sending money or data. Make it standard operating procedure for employees to confirm any email request for a bank transfer or confidential information out of band: in person or by phone, using a previously known number, never a number supplied in the email itself.
6. Pay attention to changes in customer and supplier behavior. Be careful whenever a business practice suddenly changes. For example, if a business partner suddenly asks you to use their personal email address when all previous correspondence went through the company's email, the request could be fraudulent. Verify it through another channel.
7. Implement and enforce DMARC on all of your organization's domains, including inactive or parked domains that never send mail, since attackers will spoof those just as readily as your primary domain.
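Steps 3 and 4 above, deciding whether a sender's domain is your own or a lookalike, can be automated rather than left to the employee's eye. The Python below is an added example for this page, not EasyDMARC's code. It assumes example.com is the organization's domain (a constructed example) and treats any subdomain of it as legitimate. It goes a little beyond step 4's single-character case: it also catches your domain buried inside an attacker's domain, digit-for-letter and "rn"-for-"m" substitutions, and near-miss spellings such as transposed letters or a Cyrillic "а".

```python
import re
import unicodedata
from difflib import SequenceMatcher

# Constructed example: the domains this organization legitimately sends from (assumption).
LEGITIMATE_DOMAINS = {"example.com"}

# Character and digraph substitutions attackers use to imitate a domain.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"),
               ("5", "s"), ("7", "t"), ("8", "b"), ("-", ""), ("_", "")]


def sender_domain(address: str) -> str:
    """Return the lowercased domain of an address such as 'CEO <ceo@example.com>'."""
    match = re.search(r"<([^>]+)>", address)
    addr = match.group(1) if match else address.strip()
    if "@" not in addr:
        raise ValueError(f"not an email address: {address!r}")
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def normalize(domain: str) -> str:
    """Fold visually confusable spellings so 'examp1e.com' compares equal to 'example.com'."""
    folded = unicodedata.normalize("NFKC", domain)          # full-width and compatibility forms
    folded = "".join(c for c in unicodedata.normalize("NFKD", folded)
                     if not unicodedata.combining(c))       # strip accents: 'exámple' -> 'example'
    for src, dst in CONFUSABLES:
        folded = folded.replace(src, dst)
    return folded


def classify_sender(address: str, legitimate=LEGITIMATE_DOMAINS, threshold: float = 0.8) -> str:
    """Return 'legitimate', 'lookalike' or 'unrelated' for the sender's domain."""
    domain = sender_domain(address)
    # Your domain, or a subdomain of it: under your own DNS control.
    if any(domain == legit or domain.endswith("." + legit) for legit in legitimate):
        return "legitimate"
    for legit in legitimate:
        # Your domain used as a label sequence inside the attacker's: example.com.secure-mail.test
        if ("." + legit + ".") in ("." + domain + "."):
            return "lookalike"
        # Confusable-character imitation: examp1e.com, exarnple.com, examp_le.com
        if normalize(domain) == normalize(legit):
            return "lookalike"
        # Near-miss spellings the substitution table does not cover (transposed letters,
        # Cyrillic lookalikes): similarity ratio of 1.0 means identical, 0.0 nothing in common.
        if SequenceMatcher(None, normalize(domain), normalize(legit)).ratio() >= threshold:
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    for sample in ("CEO <ceo@example.com>", "ceo@examp1e.com", "ceo@exmaple.com",
                   "ceo@example.com.secure-mail.test", "supplier@vendor.net"):
        print(f"{sample:<40} {classify_sender(sample)}")
```

A real deployment would decode punycode (xn--) domains before normalizing and would run this on the From: header of inbound mail, not on the address the user sees in the client; the threshold of 0.8 is a starting point to tune against your own mail flow.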
Combating BEC with EasyDMARC
Cybercriminals use social engineering to trick unsuspecting employees and managers, posing as any manager authorized to make or request wire transfers. Fraudsters also study their targets' behavior, monitoring potential victims and their companies for extended periods and tracking upcoming transactions.
A key technology, Domain-based Message Authentication, Reporting, and Conformance (DMARC), dramatically reduces an attacker's ability to spoof a targeted domain and its business leaders. DMARC lets the receiving server check that a message passing SPF or DKIM did so for a domain aligned with the visible From: header, and tells the receiver what to do when that check fails. It also gives an organization's administrators insight into how their domain is being abused, through the DMARC aggregate reports receivers send back, and blocks spoofing attempts outright once an enforcement policy (p=reject) is published. One caveat: DMARC protects only the exact domain it is published for, so lookalike domains (steps 3 and 4 above) and compromised mailboxes (step 1) still need the other controls.
DMARC enforcement can be a complicated, tricky, and time-consuming process for businesses. With EasyDMARC, you will:
1. Avoid dealing with complicated DMARC XML reports. EasyDMARC automatically processes all of your organization's reports, parsing the information into visible, human-digestible data. Use the DMARC Generator to generate your DMARC record.
2. Get an expert guide to help you move toward a DMARC reject policy as fast as possible.
3. Create alerts and stay up to date with any changes your email infrastructure may encounter.
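To make the two DMARC points above concrete, the record you publish and the XML aggregate reports you receive, here is an added Python example for this page. It is not EasyDMARC's parser or generator. It parses a DMARC TXT record and reports whether it is actually enforced (p=reject, subdomains included, pct=100), then reads a constructed aggregate report in the RFC 7489 XML format (trimmed to the elements used) and totals which sources failed DMARC. The domains, IP addresses and the rua= mailbox are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Weak and enforced DMARC records (constructed examples; the rua address is an assumption).
WEAK_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
ENFORCED_RECORD = "v=DMARC1; p=reject; sp=reject; pct=100; adkim=s; aspf=s; rua=mailto:dmarc@example.com"

# Constructed aggregate (RUA) report, trimmed to the elements this example reads.
SAMPLE_REPORT = """<feedback>
  <report_metadata>
    <org_name>receiver.example</org_name>
    <report_id>constructed-0001</report_id>
  </report_metadata>
  <policy_published>
    <domain>example.com</domain><adkim>r</adkim><aspf>r</aspf><p>none</p><pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>192.0.2.10</source_ip><count>120</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <dkim><domain>example.com</domain><result>pass</result></dkim>
      <spf><domain>example.com</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>
    <row>
      <source_ip>198.51.100.7</source_ip><count>35</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <spf><domain>bulk-mailer.test</domain><result>pass</result></spf>
    </auth_results>
  </record>
</feedback>
"""


def parse_dmarc_record(txt: str) -> dict:
    """Split a DMARC TXT record into its tags and fill in the RFC 7489 defaults."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record: v=DMARC1 must be the first tag")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("p= must be one of none, quarantine, reject")
    tags.setdefault("sp", tags["p"])   # subdomains inherit p= unless sp= overrides it
    tags.setdefault("pct", "100")      # share of failing mail the policy is applied to
    tags.setdefault("adkim", "r")      # relaxed alignment: subdomains of the From: domain count
    tags.setdefault("aspf", "r")
    return tags


def is_enforced(tags: dict) -> bool:
    """True only when failing mail is rejected for the domain and all of its subdomains."""
    return tags["p"] == "reject" and tags["sp"] == "reject" and int(tags["pct"]) == 100


def summarize_report(xml_text: str) -> dict:
    """Total the messages in an aggregate report and list the sources that failed DMARC."""
    root = ET.fromstring(xml_text)
    published = root.find("policy_published")
    summary = {"domain": published.findtext("domain"), "policy": published.findtext("p"),
               "total": 0, "failed": 0, "unauthenticated_sources": []}
    for record in root.findall("record"):
        row = record.find("row")
        count = int(row.findtext("count"))
        evaluated = row.find("policy_evaluated")
        # DMARC passes if EITHER aligned DKIM or aligned SPF passes. The second sample record
        # shows why raw SPF is not enough: SPF passed for bulk-mailer.test, but that domain is
        # not aligned with the From: header (example.com), so the receiver recorded spf=fail.
        passed = "pass" in (evaluated.findtext("dkim"), evaluated.findtext("spf"))
        summary["total"] += count
        if not passed:
            summary["failed"] += count
            summary["unauthenticated_sources"].append(
                (row.findtext("source_ip"), count, evaluated.findtext("disposition")))
    return summary


if __name__ == "__main__":
    for record in (WEAK_RECORD, ENFORCED_RECORD):
        print(f"{record!r:<100} enforced={is_enforced(parse_dmarc_record(record))}")
    # Under p=none the 35 spoofed messages were delivered (disposition 'none');
    # once the record moves to p=reject the same source is refused.
    print(summarize_report(SAMPLE_REPORT))
```

Run against real reports, the unauthenticated_sources list is the to-do list for reaching p=reject: every entry is either a legitimate sender that still needs SPF or DKIM set up for your domain, or a spoofer that the enforced policy will stop.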
Make sure to create your account and start your DMARC implementation and enforcement journey right away.