
Business Email Compromise and How to Protect your Organization

In Business Email Compromise (BEC) attacks, scammers impersonate an employee in the organization to defraud the company, its customers, employees, or partners.  Attackers focus on employees with access to the company’s financial or personal information and trick individuals into disclosing sensitive information or performing wire transfers.  These attacks are known for using social engineering tactics and compromised accounts.  BEC attacks often have no attachments or links.

Although business email compromise made up only 7% of spear-phishing attacks in 2019, it caused more than $1.7 billion in losses according to the FBI.  Gmail accounts are commonly used to launch business email compromise attacks.

Payroll scams are a popular form of BEC attack.  Hackers target payroll departments and human resources with the objective of having an employee’s salary transferred to a fraudulent account.  Payroll scams are increasing, with recent growth of 800 percent.

BEC Techniques

  • Sending spear-phishing emails: The attackers send emails that look like they are from a trusted sender to trick victims into revealing confidential information.  The stolen information gives the attackers access to company accounts and data they need to carry out BEC scams.
  • Lookalike domains: Cybercriminals register a domain name that is almost identical to the victim’s domain.  Messages are then sent from the fake domain to trick an employee who doesn’t notice the difference.
  • Email sender spoofing: The attackers use slight variations on legitimate email addresses to fool victims into thinking that the fake account is real.


Protect your Business against Business Email Compromise

An API-based inbox defense uses historical email data to build an identity graph to understand who is likely to communicate with each other and what identities they use.  When an unusual request is made, API-based inbox defense identifies an impersonation attempt based on the history of communications.
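
A simplified sketch of the identity-graph idea described above, combined with a check for the lookalike domains listed under BEC Techniques. It is an added example, not Barracuda's implementation or code from the original post; the sample history, the function names and the edit-distance threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample history: (display name, sender address) pairs from past mail.
HISTORY = [
    ("Dana Lee", "dana.lee@example-corp.com"),
    ("Dana Lee", "dana.lee@example-corp.com"),
    ("Sam Ortiz", "sam.ortiz@example-corp.com"),
    ("Acme Billing", "billing@acme-supplies.example"),
]

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-identical domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def build_identity_graph(history):
    """Map each display name to the set of addresses it has used before."""
    graph = defaultdict(set)
    for name, addr in history:
        graph[name.strip().lower()].add(addr.strip().lower())
    return graph

def assess_sender(graph, name, addr, max_distance=2):
    """Return the reasons (possibly none) a sender looks like an impersonation."""
    name, addr = name.strip().lower(), addr.strip().lower()
    domain = addr.rpartition("@")[2]
    known_domains = {a.rpartition("@")[2] for addrs in graph.values() for a in addrs}
    reasons = []
    # A familiar name arriving from an address it has never used before.
    if name in graph and addr not in graph[name]:
        reasons.append("known display name, unseen address")
    # An unknown domain that is only a character or two away from a known one.
    if domain not in known_domains:
        for known in known_domains:
            if edit_distance(domain, known) <= max_distance:
                reasons.append(f"lookalike of {known}")
    return sorted(reasons)
```

A message with any reason attached would be held for review or bannered rather than delivered silently; a production system would also weigh reply-to addresses, message content and how often two parties correspond.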

Barracuda Networks has email security gateways and spam filters to protect your business from threats.  API-based inbox defense is more effective at protecting your business against BEC attacks.  Barracuda Networks offers state-of-the-art technologies that efficiently and reliably protect your network, users, and data from advanced threats.

Another way you can protect your organization is to train your employees on social engineering.  Effective training should include workshops and simulations to train your employees to be vigilant and identify BEC attacks that get through other layers of defense.  KnowBe4 offers security awareness training that trains your users and tests them through simulated attacks.

Ask us about Barracuda Networks or our Managed IT Services for your organization!

We do I.T right!


Request a Free I.T Assessment today! Call us at 416-874-0550