Businesses are falling victim to BEC or Business Email Compromise attacks. These attacks are cleverly executed and crafted. They are difficult to remediate. These attacks are generally financially motivated. In this article, we are going to talk about BEC attacks. This guide will help you in preventing Business Email Compromise attacks.
What is a Business Email Compromise attack?
BEC is a type of cyber attack. Attackers use BEC for targeting organizations. They try to get financial gains by doing email frauds. These attacks will target specific organizations using social engineering attacks. The main goal of the Business Email Compromise attack is to trick the victim. Victims might end up doing money transfers to the attackers. They will also try to gain access to the data. Privacy breaches and data leaks are generally a direct result of BEC attacks.
BEC is a special type of phishing attack. The attackers will impersonate as a legit party in this attack. They will try to compromise the email accounts of some senior management or executive of an organization. BEC is not the usual phishing attack where attackers send spam emails. However, attackers will do a lot of research before executing any attack. BEC attackers also use spear-phishing methods. They target employees that have access to some kind of fiduciary or financial duties like payroll, accounting, and purchasing.
BEC attacks will try to create a fake scenario and a sense of urgency. The emails are generally spoofed. Your employees will think that some senior management or someone from the Finance department is contacting them. These techniques increase the probability of users falling for scams. Thus, BEC attacks are very effective. You need to employ good security strategies for preventing these attacks.
How does these attack works?
BEC attacks are similar to phishing attacks. Attackers will first pose as a vendor, boss, or colleague. They will ask the receiver to make a wire transfer or transfer some work-related file with time. BEC attacks use various methods like email account spoofing, impersonation, and domain spoofing for attacking.
You can’t use simple automated security systems for blocking BEC attacks. BEC attacks won’t use malicious URLs or malware in their email. Thus, you can’t stop them by using automated security solutions. These attacks will rely on impersonation only. Social engineering techniques like posing as known vendors, executives, and CEOs are used. BEC attacks are time-consuming and difficult to remediate.
Examples of BEC attacks
These are the most common type of scams. If your business has an online presence, then you must have already experienced this. Your inbox must be full of attackers trying to execute invoice scams. Attackers will send a fake invoice to your email. They will try to get money from your users. Attackers will use fake login screens to trick users. The main aim goal of attackers is to cause financial damage to your business. They can also gain access to your entire network in some cases.
Attackers will use logos of famous companies like Adobe, Dropbox, and Office 365 for conducting these scams. The fake payment link or invoices are sent from spoofed email addresses. Attackers will try to spoof a high-ranking executive email address. They can also pretend to a vendor. Attackers might also send fake invoices with fake letters and contracts.
Spear phishing is heavily used by BEC attackers. It is a special form of phishing. In this attacker will first research the target organization. They will send crafted emails to your employees. These emails will be customized according to your business. Thus, your employees will think that the email is coming from a real source.
Attackers do a lot of research before conducting this attack. Thus, it is difficult to stop this attack. This is heavily used by attackers. You need to deal with spear-phishing if you want to protect your business.
Attackers will create a copy of a real website. They will try to trick visitors into revealing important and sensitive information like login credentials, social security numbers, and credit card details. This technique is heavily used in BEC attacks as attackers can easily execute it.
Spoofing can be done by creating a website and registering a domain name. This domain name will closely resemble the brand name of the organization that they are targeting. Thus, it will look like your real organization’s website. Attackers will try to trick your customers into using their fake websites. Your real customers might enter their credit card details. They can also enter some other sensitive information into fake payment gateways.
Spoofed websites are generally used to steal personal or financial information. However, these websites can be used to launch a large cyber attack also. Attackers can use these websites for spreading malware through infected links. They can bypass network access controls by using these websites. Also, they can redirect all the traffic to some other website. They can launch a DDoS attack using these websites.
How to protect your organization from BEC attacks?
Train your employees
The best way to protect your business from BEC attacks is by training your employees. If your employees are vigilant and informed, then you don’t need to worry about BEC attacks. You must train your employees. Make sure that your employees can identify BEC and phishing emails. Some of the signs of BEC emails are:
- Attackers will generally pose as high-level executives. They will ask for wire transfers or unusual information. If some mail is not looking normal to you, then you should immediately contact your IT team.
- Attackers will ask you to keep the communication confidential. They will ask you to only contract through email. If you are receiving some unusual requests, then you should verify them by calling the person.
- Every business will have a standard procedure for payments, sharing of information, and accounting. If you are receiving such requests, then you are bypassing standard processes. Thus, you should contact your IT team.
- Try to look for grammatical errors and typos in the mail. Also, look for unusual characters or data formats. These things can help you in identifying phishing mail.
- If the email addresses in the Reply-To and from the field are different, then someone is trying to trick you.
Enable multi-factor authentication for your email account
Multi-factor authentication is a security system that can help you in protecting your network. You need to provide another authentication factor for accessing your email address. Thus, attackers can’t access your email account even if they have access to your username and password. This will ensure that attackers can’t easily access your account.
Add a banner to emails that coming from outside
Most companies are using this practice for protecting their employees. You can add a banner either on the bottom or top of the email that is coming from outside your organization. This will act as a warning for your emails. Your employees will know that this email is coming from outside. Thus, they are not going to give any sensitive information. This won’t prevent users from interacting with the email or clicking on links. However, it will act as a reminder that your employees should be careful.
This can be easily done and it is a very effective method to protect your employees. If your employees don’t know about the origin of an email, then they can’t differentiate between legit and fake emails. They will think that the fake emails are coming from your mail server. All you need to do is add a banner in the emails that are coming from outside.
Spot differences in “reply-to” and “from” email addresses
You should set rules to either flag or filter out emails where the “reply-to” and “from” emails are different. Your organization can also flag the emails that are coming outside of your domain. You can use DomainKeys Identified Email (DKIM) to reject the mails that don’t match the criteria. This will help you in saving your employees from fake emails.
Empower your employees
If your employees receive an email from an authority figure, then they will generally feel a need to quickly complete the request. We try to help each other by sometimes not following the standard procedures. This gives rise to the possibility of BEC attacks. If everyone is following standard procedures in your organization, then you don’t need to worry about BEC attacks.
You should try to empower your employees. Your employees should ask questions and seek clarification when they receive unusual requests. They should ask questions even if they receive these requests directly from the CEO. Sometimes all you need to do is pick up the phone and call the person to verify if the email is legit. This can help you in stopping a lot of BEC attacks. If your employees are empowered, then they won’t feel afraid to check with the higher authorities. They can also check with the IT team. Your IT team can help them in checking if the email is legit or not.
Monitor your Email Exchange Server
You should check for changes to customs rules and configuration for specific accounts. Make sure that your IT team is setting up rules that alert you whenever something is changed in your email exchange server. Change management should be a well-defined process. This will ensure that you are actually checking the changes properly. It is a good idea to perform the change management process after regular intervals.
Review your email protocols
You should consider the necessity of old email protocols like SMTP, IMAP, and POP. Attackers can use these protocols to circumvent Multi-factor authentication. Old protocols can be easily hacked as they have multiple vulnerabilities. Most users use the same credentials for accessing their accounts. Thus, it is easy to steal these passwords. Attackers need access to a database of stolen credentials for finding your employee’s password.
Report fraud to authorities
You should report any BEC activity or online fraud to authorities. Make sure that the authorities know about the activities that are going on. Your specific case might be solved easily. However, authorities can use this data to look for patterns and catch attackers. Thus, BEC cases should never be overlooked. You should report even the smallest BEC case to authorities.
Make sure web and desktop email clients are running the same version
You should ensure that your web email and desktop clients are up to date. This will help you in avoiding problems with updates and syncing. A lack of synchronization between the web and the desktop might allow a hacker to attack your email server. They can use rules that are not available in your desktop clients. Thus, the attack won’t be noticeable.
BEC uses various methods like social engineering and phishing to attack users. They will try to win the trust of your employees. The main aim of attackers is to carry out fraud. Thus, they won’t send any malicious links or attachments to your employees. Due to this, you can’t detect these emails easily. You need to adopt various security strategies for dealing with BEC attacks. However, the most important strategy is to train your employees. Your employees should understand their roles and responsibility. You should ensure that they can identify phishing emails. This will help you in protecting your business from both BEC and phishing attacks.
The best way to improve your security posture is by working with a good MSP. Experienced MSPs like Bleuwire can help you in dealing with cyber attacks. They will help you in creating an IT security strategy. Thus, you don’t need to worry about handling your IT security strategy. Bleuwire will also help you in training your employees. This will ensure that your employees can protect themselves from phishing attacks. If you need more information regarding IT security services, then you can contact Bleuwire.