Business Email Compromise: How to Avoid Joining Those Already Impacted

Business Email Compromise (BEC) is now the largest threat to business. Designed to evade traditional email security, including gateways and spam filters, spear-phishing attacks are often sent from high-reputation domains or compromised email accounts. Attacks typically use spoofing techniques and include “zero-day” links that URL-protection technologies are unlikely to block.

Understanding how these attacks are built improves your ability to curb them and avoid these scams. Much of the time, attackers impersonate the HR, IT or Finance team rather than an individual. Often, requests appear to come from a senior executive or trusted colleague.

There are 4 major types of spear-phishing attacks we’ve seen. Brand impersonation made up 47% of the findings: these attackers like to impersonate popular business applications such as DocuSign, Gmail, Adobe and Microsoft.

Pro Tip: Microsoft is impersonated in 56% of these types of spear-phishing attacks, with many coming from Gmail domains – sounds fishy if you ask us!

With a variety of hooks, such as lottery winnings, unclaimed packages, donation solicitations and other tactics, it’s no surprise that 39% of phishing involves these scams. Blackmail is tied with CEO fraud at 7%, and the FBI’s updated estimate puts total small to midsize business revenue lost to these scams at $26 billion since 2016. In many cases, both involve whaling or some form of unusual wire-transfer request.

  • 91% of BEC take place on weekdays.
    • Ex: Over the 4th of July weekend, these attacks were 94% below average.
  • Most attacks are low volume and targeted, sending small numbers of emails out.
  • 47% of attacks used Gmail, while 53% still utilized free email domains.
  • 97% of all BEC attacks originate within already compromised email accounts.


What Is Needed for Protection

  1. Educate Users
    Show employees how to recognize employee impersonation. Be sure to point out that phishing attacks don’t always need to have a URL or an attachment and remind them to double-check email addresses and to pay attention to unusual requests.
  2. Set Up Internal Policies
    Put policies and protocols in place that require additional safeguards for wire transfers and other financial transactions. Prohibit email requests for purchases and other monetary transactions. Ensure multiple people are required to be involved in the approval process.
  3. Enforce DMARC Authentication
    Set up DMARC authentication to protect against attackers spoofing your email domain in their impersonation attacks. DMARC reports provide visibility into who is using your email domain and how. Use this information to establish DMARC enforcement policies.
  4. Use Machine Learning
    Don’t rely solely on traditional email security technologies, as most business email compromise attacks are designed to bypass gateways. Machine learning technologies can analyze internal emails and create a model of everyone’s typical communications. We use this technology with clients to better predict and detect attacks.
  5. Be Ready to Respond Fast
    Train employees on how to recognize and report an attack to their IT personnel. It’s not a matter of whether an attack will sneak through, it’s a matter of how often. Use a team that has access to intelligence tools to provide you with threat research. Deploy automated incident response solutions to identify the scope of attacks and quickly remove malicious messages from inboxes before any damage is done!
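To make step 3 concrete, here is an added example (not code from the original post) of how a defender reads the DMARC aggregate (RUA) reports mentioned above and decides when the domain is ready to tighten its policy. The script parses a report, totals passing and failing mail per source IP, separates legitimate senders that still need SPF/DKIM set up from unknown sources that are likely spoofing, and suggests whether to stay at p=none or move to p=quarantine. The domain example.com, the reporting addresses, the IP addresses, the message counts and the set of known mail servers are all constructed sample data.

```python
"""
Added example (not from the original post): parse a DMARC aggregate (RUA)
report and decide whether the domain is ready to tighten its policy.
All domains, IP addresses and counts below are constructed sample data.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict

# Hypothetical DMARC TXT records for _dmarc.example.com, in the order an
# enforcement rollout usually moves: monitor, then quarantine, then reject.
DMARC_MONITOR = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"
DMARC_QUARANTINE = "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc-reports@example.com"
DMARC_REJECT = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"

# Constructed aggregate report: one legitimate source that aligns, one
# legitimate source (a SaaS mailer never set up for SPF/DKIM) that fails,
# and one unknown source sending mail with the domain in the From header.
SAMPLE_REPORT = """<?xml version="1.0"?>
<feedback>
  <report_metadata><org_name>receiver.example</org_name><report_id>1</report_id></report_metadata>
  <policy_published><domain>example.com</domain><p>none</p></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>940</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>35</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>203.0.113.99</source_ip><count>120</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
</feedback>
"""


def parse_aggregate_report(xml_text):
    """Return one dict per <record>: source IP, message count, From domain,
    and whether DMARC passed (it passes when either DKIM or SPF aligned)."""
    root = ET.fromstring(xml_text)
    records = []
    for rec in root.findall("record"):
        row = rec.find("row")
        evaluated = row.find("policy_evaluated")
        dkim_ok = evaluated.findtext("dkim") == "pass"
        spf_ok = evaluated.findtext("spf") == "pass"
        records.append({
            "source_ip": row.findtext("source_ip"),
            "count": int(row.findtext("count")),
            "header_from": rec.findtext("identifiers/header_from"),
            "dmarc_pass": dkim_ok or spf_ok,
        })
    return records


def summarize(records):
    """Total passing and failing message counts per source IP."""
    totals = defaultdict(lambda: {"pass": 0, "fail": 0})
    for r in records:
        totals[r["source_ip"]]["pass" if r["dmarc_pass"] else "fail"] += r["count"]
    return dict(totals)


def failing_sources(summary, known_senders):
    """Split failing sources into the org's own senders that still need
    SPF/DKIM (fix these before tightening) and unknown sources (spoofing)."""
    needs_auth = sorted(ip for ip, t in summary.items() if t["fail"] and ip in known_senders)
    unknown = sorted(ip for ip, t in summary.items() if t["fail"] and ip not in known_senders)
    return needs_auth, unknown


def recommend_policy(summary, known_senders):
    """Stay at p=none while legitimate mail still fails; otherwise move to
    p=quarantine. Moving on to p=reject is a later step, taken once a
    quarantine period shows no legitimate failures."""
    needs_auth, _unknown = failing_sources(summary, known_senders)
    return DMARC_MONITOR if needs_auth else DMARC_QUARANTINE


if __name__ == "__main__":
    summary = summarize(parse_aggregate_report(SAMPLE_REPORT))
    known = {"192.0.2.10", "198.51.100.7"}   # constructed: the org's mail servers
    print(summary)
    print("needs SPF/DKIM:", failing_sources(summary, known)[0])
    print("unknown sources:", failing_sources(summary, known)[1])
    print("next record:", recommend_policy(summary, known))
```

Run against the constructed report, the SaaS mailer at 198.51.100.7 is a known sender that fails alignment, so the script keeps the domain at p=none until that sender is added to SPF or signs with DKIM; the unknown source at 203.0.113.99 is the spoofing traffic the eventual quarantine and reject policies will stop. Real reports arrive as gzipped or zipped XML attachments to the rua address, and a report from every receiving provider should be merged before deciding on a policy change.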

Talk with us to better understand the best options for your network and how to prevent Business Email Compromise at your company. Don’t join the statistics: the cost for businesses to survive cyber attacks continues to grow rapidly, and it looks worse for small to medium-sized organizations.