What is Business Email Compromise, why is it so dangerous, and how can your company protect itself?
Business Email Compromise (BEC) is a form of cyberattack that is quickly becoming one of the most widespread email threats organizations around the world face. The premise is straightforward: an attacker compromises or impersonates a legitimate business email account, then uses it to request fraudulent payments or sensitive data from employees, customers or business partners. These attacks are extremely damaging and hard to detect, because the messages usually carry no malware and no malicious link; the only payload is a convincing request.
Business email compromise affects companies of all sizes, from Fortune 500 companies and educational institutions to small and medium-sized enterprises. To deceive workers and executives into making fraudulent payments, the attackers rely heavily on social engineering rather than on technical exploits.
Table of Contents
- How does Business Email Compromise happen?
- How can you stop business email compromise attacks?
- ● Make sure desktop and webmail clients are running the same version
- ● Beware of last-minute email changes
- ● Turn on security features that block malicious email
- ● Check email addresses for minor changes
- ● Multi-factor authentication should be allowed for all email accounts
- ● Prohibit email from being automatically forwarded to external addresses
- ● Monitor your email exchange server for changes
- ● Note the differences in “reply” and “from” email addresses
- ● Add a banner to messages outside your organization
- ● Restrict the use of legacy email protocols
- ● Register and save changes in the login and mailbox settings for at least 90 days
- ● Encourage employees to check suspicious payment requests
- ● Set up email notifications for suspicious activity
How does Business Email Compromise happen?
BEC attacks take advantage of the trust people place in email to impersonate top-level executives, suppliers or other business contacts and to target the staff who can move money or data. Many BEC campaigns begin with a phishing attack that gives the attacker the credentials to a valuable mailbox; once inside, the attacker reads correspondence, learns who approves payments and how, and often sets up forwarding or inbox rules so the victim does not notice the intrusion.
Compromise is not the only route. Attackers also spoof the domain of a business, or register a lookalike domain and send from a display name and address that closely resemble a real executive or supplier.
So let’s dive deeper to learn more about BEC attacks and how to prevent your company from business email compromise.
How can you stop business email compromise attacks?
Although there are no foolproof methods for detecting BEC attacks, there are several warning signs that your employees should be aware of. Employees should be especially careful with internal messages that appear to come from senior management and ask for an urgent payment or a change in payment details, because scammers rely on stolen corporate information and insider vocabulary to build a sense of legitimacy. Here are some tips to protect your business from BEC.
● Make sure desktop and webmail clients are running the same version
Keep your desktop, mobile and webmail clients updated so that rules and settings sync consistently between them. An attacker who controls a mailbox can create server-side inbox rules through the web interface that an outdated or differently configured desktop client does not display, so the victim keeps using a mailbox that is silently deleting or forwarding messages. Reviewing rules only from the desktop client can therefore miss the attacker's changes entirely.
● Beware of last-minute email changes
Attackers typically strike at the last moment: a supplier "suddenly" has a new bank account, a new remittance address, or a new contact email just as an invoice falls due. If you receive an email about a financial matter and the sender's address or the payment details have changed, call the supplier on a phone number you already have on file, not one printed in the email, and confirm the change before acting.
● Turn on security features that block malicious email
Are you making use of the anti-phishing and anti-spoofing features you already have? Organizations often buy additional security products for their mail servers but never finish configuring them. If your company sends commercial or transactional email, one of the most important steps is to properly configure the email authentication standards, starting with SPF. An SPF record lets a domain publicly declare which servers may send mail on its behalf; receiving servers compare the connecting IP address against that list and apply the policy at the end of the record ("-all" fails unauthorized senders, "~all" only softfails them). Note that SPF checks the envelope sender (MAIL FROM), not the From header a user sees, so it should be paired with DKIM and a DMARC policy to stop header spoofing. After publishing SPF, use an SPF record check tool to look up the record of any domain and confirm which servers are authorized to send for it.
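To make the SPF evaluation concrete, here is a small evaluator, added as an example for this article and not part of the original page or of any SPF library. It implements the core RFC 7208 mechanisms (ip4, ip6, a, mx, include, all) and the redirect modifier against an in-memory DNS table, so it runs offline. The domains and records in FAKE_DNS are constructed for illustration; example.com, its mail provider and the IP ranges are hypothetical. Macros and the a/mx CIDR suffixes are deliberately left out.

```python
"""Minimal SPF (RFC 7208) evaluator against an in-memory DNS table."""
import ipaddress

# Constructed, hypothetical DNS data standing in for live lookups.
FAKE_DNS = {
    ("example.com", "TXT"): ["v=spf1 ip4:203.0.113.0/24 mx include:_spf.mailprovider.example -all"],
    ("example.com", "MX"): ["mx1.example.com"],
    ("mx1.example.com", "A"): ["198.51.100.10"],
    ("_spf.mailprovider.example", "TXT"): ["v=spf1 ip4:192.0.2.0/25 ~all"],
    ("alias.example", "TXT"): ["v=spf1 redirect=example.com"],
    ("softfail.example", "TXT"): ["v=spf1 ip4:203.0.113.5 ~all"],
    ("nospf.example", "TXT"): [],
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype, dns=FAKE_DNS):
    return dns.get((name.lower(), rtype), [])


def addresses_of(name, dns=FAKE_DNS):
    return [ipaddress.ip_address(a) for a in lookup(name, "A", dns)]


def check_host(ip_text, domain, dns=FAKE_DNS, depth=0):
    """SPF result for a connection from ip_text whose MAIL FROM domain is `domain`."""
    if depth > 10:
        return "permerror"  # RFC 7208 limits DNS-querying mechanisms to 10
    records = [r for r in lookup(domain, "TXT", dns) if r.lower().startswith("v=spf1")]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"  # exactly one SPF record is allowed per domain
    ip = ipaddress.ip_address(ip_text)
    redirect = None
    for term in records[0].split()[1:]:
        if "=" in term:  # modifier: redirect=domain or exp=domain
            mod, _, value = term.partition("=")
            if mod.lower() == "redirect":
                redirect = value
            continue
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:
                # A v4 address is never inside a v6 network and vice versa.
                matched = ip in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
        elif name == "a":
            matched = ip in addresses_of(arg or domain, dns)
        elif name == "mx":
            matched = any(ip in addresses_of(mx, dns) for mx in lookup(arg or domain, "MX", dns))
        elif name == "include":
            # include matches only when the referenced domain's policy yields "pass"
            matched = check_host(ip_text, arg, dns, depth + 1) == "pass"
        else:
            return "permerror"  # unknown mechanism
        if matched:
            return QUALIFIERS[qualifier]
    if redirect:  # redirect applies only when no mechanism matched
        return check_host(ip_text, redirect, dns, depth + 1)
    return "neutral"


if __name__ == "__main__":
    for ip, dom in [("203.0.113.7", "example.com"), ("192.0.2.200", "example.com"),
                    ("198.51.100.99", "softfail.example"), ("198.51.100.99", "nospf.example")]:
        print(f"{ip:>15} as {dom:<18} -> {check_host(ip, dom)}")
```

The two policy endings matter in practice: with "-all", a forged message from an unlisted IP fails and a strict receiver can reject it; with "~all", the same message merely softfails and is usually delivered with a spam score adjustment, which is why many spoofing campaigns succeed against domains that never finished their rollout.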
● Check email addresses for minor changes
Small changes make fake addresses look like those of real clients or colleagues. One of the worst characters to rely on in an email address is the letter "l": depending on the font, a lowercase "l", a capital "I" and the digit "1" can be indistinguishable, as can "0" and "o", or "rn" and "m". Attackers also register lookalike domains (a swapped letter, an added hyphen, a different top-level domain) and Unicode domains whose characters render like ASCII ones. Compare the full address against what you have on file, not just the display name.
● Multi-factor authentication should be allowed for all email accounts
Multi-factor authentication (MFA) means a stolen password alone is not enough: attackers also need something else to access the mailbox, such as a phone, a hardware key or an authenticator app. Enable it for every account, including shared and service mailboxes, and prefer phishing-resistant methods (such as FIDO2 security keys) over SMS codes, which can be phished or intercepted.
● Prohibit email from being automatically forwarded to external addresses
Because automatic forwarding to external addresses is so widely abused by BEC attackers, Microsoft now blocks automatic external forwarding by default in Microsoft 365 through the outbound spam filter policy. Check that this default is still in place in your tenant and review any existing forwarding rules and mailbox-level forwarding addresses to confirm each one is still needed and still points where you expect. Keep in mind that forwarding configured at the mailbox level, and server-side rules created through the web interface, may not appear in a user's desktop email client, so review them from the admin side rather than relying on users to spot them.
● Monitor your email exchange server for changes
Check for changes to the configuration of your Exchange or other mail server, and to per-account settings such as inbox rules, forwarding and delegated permissions, on a regular basis. Create alerts that notify you when any of these change, so that an attacker's modifications stand out. In any size of company, change management should be a well-defined process, following recorded procedures, rather than something that happens ad hoc; a change you cannot trace to a ticket is a change worth investigating.
● Note the differences in “reply” and “from” email addresses
Create a rule that warns you when the "Reply-To" address differs from the "From" address in a message; attackers often send from a spoofed or compromised address but steer the replies to a mailbox they control. Set a separate flag for any message that arrives from outside your organization yet carries your own domain in the From header, a sign that an intruder is trying to convince users the message came from inside. DKIM signing and a DMARC policy complete the picture: DKIM lets receivers verify that a message was really signed by your domain, and DMARC tells them to quarantine or reject messages whose From domain does not align with a passing SPF or DKIM result.
● Add a banner to messages outside your organization
Many companies use a standard configuration that marks messages from outside the organization with a banner. Many users still click on links despite the warning, so pair the banner with end-user training on what legitimate internal and supplier emails look like and what a suspicious one looks like.
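The address and header checks from the last two sections can be scripted. The following is an added example for this article, not code from the original page or from any mail gateway product. It parses raw messages with Python's standard email module and reports three BEC indicators: a Reply-To domain that differs from the From domain, a message classified as external by the gateway that nonetheless claims your own domain, and a sender domain that is a lookalike of a trusted domain (after folding confusable characters such as "1"/"l" and "rn"/"m"). The sample messages, OWN_DOMAIN and TRUSTED_DOMAINS are constructed; the from_outside flag stands in for whatever internal/external verdict your gateway attaches.

```python
"""BEC header indicators: Reply-To mismatch, spoofed own domain, lookalike senders."""
import unicodedata
from email import message_from_bytes, policy
from email.utils import parseaddr

OWN_DOMAIN = "example.com"                         # hypothetical own domain
TRUSTED_DOMAINS = {"example.com", "supplier.example", "bank.example"}  # constructed

# Characters that render alike in common fonts, mapped to one canonical form.
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "5": "s", "3": "e", "|": "l"})
DIGRAPHS = (("rn", "m"), ("vv", "w"), ("cl", "d"))


def skeleton(domain):
    """Fold a domain into a lookalike-insensitive form (a simplified skeleton)."""
    s = unicodedata.normalize("NFKD", domain.lower())
    s = "".join(ch for ch in s if not unicodedata.combining(ch))  # drop accents
    s = s.translate(CONFUSABLES)
    for pair, single in DIGRAPHS:
        s = s.replace(pair, single)
    return s


def edit_distance(a, b):
    """Plain Levenshtein distance."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain, trusted=TRUSTED_DOMAINS):
    """Trusted domain that `domain` imitates, or None if trusted itself or unrelated."""
    if domain in trusted:
        return None
    sk = skeleton(domain)
    for t in trusted:
        if edit_distance(sk, skeleton(t)) <= 1:
            return t
    return None


def domain_of(header_value):
    _, addr = parseaddr(str(header_value))
    return addr.rpartition("@")[2].lower()


def bec_indicators(raw, from_outside):
    """Indicators for one raw message; from_outside is the gateway's external verdict."""
    msg = message_from_bytes(raw, policy=policy.default)
    from_dom = domain_of(msg.get("From", ""))
    reply_dom = domain_of(msg.get("Reply-To", ""))
    flags = []
    if reply_dom and reply_dom != from_dom:
        flags.append(f"reply-to domain {reply_dom} differs from from domain {from_dom}")
    if from_outside and from_dom == OWN_DOMAIN:
        flags.append(f"external message claims own domain {OWN_DOMAIN}")
    if "xn--" in from_dom or any(ord(c) > 127 for c in from_dom):
        flags.append(f"punycode or non-ASCII sender domain {from_dom}")
    target = lookalike_of(from_dom)
    if target:
        flags.append(f"sender domain {from_dom} looks like trusted {target}")
    return flags


# Constructed sample messages: (raw bytes, classified as external by the gateway?)
SAMPLES = {
    "lookalike_ceo": (
        b"From: Jane Doe <jane.doe@examp1e.com>\r\nReply-To: jane.doe.ceo@webmail.example\r\n"
        b"To: ap@example.com\r\nSubject: Urgent wire today\r\n\r\nPlease process before 5pm.\r\n", True),
    "spoofed_own_domain": (
        b"From: cfo@example.com\r\nTo: ap@example.com\r\nSubject: Updated bank details\r\n\r\n"
        b"New account attached.\r\n", True),
    "legit_internal": (
        b"From: cfo@example.com\r\nTo: ap@example.com\r\nSubject: Q3 review\r\n\r\nSee attached.\r\n", False),
}


def scan_samples():
    return {name: bec_indicators(raw, ext) for name, (raw, ext) in SAMPLES.items()}


if __name__ == "__main__":
    for name, flags in scan_samples().items():
        print(name, "->", flags or ["no indicators"])
```

The lookalike test is deliberately loose (distance of at most one after folding) so that it catches "examp1e.com" and "exarnple.com" against example.com; tune the trusted list and the threshold to your own partner domains, and treat a hit as a reason to verify out of band, not as proof of fraud.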
● Restrict the use of legacy email protocols
Review whether you still need legacy email protocols such as POP3, IMAP and authenticated SMTP with basic authentication. These protocols accept only a username and password, so an attacker who has the password can log in with them and bypass MFA entirely. Because so many people reuse credentials across services, an attacker with a database of stolen credentials can simply try them against your mail server over these protocols. Disable basic authentication and the legacy protocols for every mailbox that does not genuinely need them, and monitor the remaining ones.
● Register and save changes in the login and mailbox settings for at least 90 days
As a security control, logging is often ignored. By the time you know something has gone wrong, it is too late to turn on auditing and logging, so enable mailbox auditing and sign-in logging now and retain the records for at least 90 days. Export or forward the logs from your mail servers to a separate store or SIEM, so that an attacker who controls a mailbox or an admin account cannot erase the evidence, and so that investigators can reconstruct which rules, forwarding settings and logins changed and when.
● Encourage employees to check suspicious payment requests
Before approving a payment, employees should be encouraged to ask management for clarification on any payment request that looks unusual, however urgent or senior its apparent source. Most of us have been taught to cooperate and be helpful, but that trait is exactly what phishing and other forms of deception exploit. Back up electronic approvals with traditional confirmation: pick up the phone and call a number already on file to verify the account number and the transfer instructions before money moves.
● Set up email notifications for suspicious activity
If you use Office 365 or Microsoft 365, you can set up alerts for unusual email activity, such as the creation of forwarding or deletion rules, changes to mailbox forwarding, or sign-ins from unfamiliar locations. Check whether the alerts you want require a different license tier; in many cases the upgrade is worth it compared with the cost of a single successful BEC.
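The logging and alerting advice in the last few sections comes down to looking for a handful of mailbox changes in your audit trail. The following detection logic is an added example for this article, not code from the original page or from Microsoft. It scans an export of admin audit records and flags the changes BEC intruders typically make: inbox rules that forward or redirect to an external address, rules that delete or hide mail, rules with blank or single-character names, and mailbox-level forwarding to an external address. The sample records are constructed; their field names follow the shape of Exchange Online admin audit records (Operation, UserId, ClientIP and a Parameters list of Name/Value pairs), but the values, timestamps and the example.com domain are invented.

```python
"""Flag BEC-style mailbox changes in exported audit records (one JSON record per line)."""
import json

INTERNAL_DOMAIN = "example.com"  # hypothetical own domain

# Constructed sample export modeled on Exchange Online admin audit records.
SAMPLE_RECORDS = """\
{"CreationTime":"2024-05-02T08:14:09","Operation":"New-InboxRule","UserId":"ap@example.com","ClientIP":"203.0.113.44","Parameters":[{"Name":"Name","Value":"."},{"Name":"SubjectContainsWords","Value":"invoice;payment;wire"},{"Name":"DeleteMessage","Value":"True"},{"Name":"MarkAsRead","Value":"True"}]}
{"CreationTime":"2024-05-02T08:15:31","Operation":"New-InboxRule","UserId":"ap@example.com","ClientIP":"203.0.113.44","Parameters":[{"Name":"Name","Value":"Archive"},{"Name":"ForwardTo","Value":"collector@webmail.example"},{"Name":"MoveToFolder","Value":"RSS Feeds"}]}
{"CreationTime":"2024-05-02T09:02:10","Operation":"Set-Mailbox","UserId":"admin@example.com","ClientIP":"198.51.100.7","Parameters":[{"Name":"Identity","Value":"cfo@example.com"},{"Name":"ForwardingSmtpAddress","Value":"smtp:cfo.backup@webmail.example"},{"Name":"DeliverToMailboxAndForward","Value":"True"}]}
{"CreationTime":"2024-05-02T09:40:00","Operation":"New-InboxRule","UserId":"bob@example.com","ClientIP":"198.51.100.9","Parameters":[{"Name":"Name","Value":"Newsletters"},{"Name":"From","Value":"news@vendor.example"},{"Name":"MoveToFolder","Value":"Newsletters"}]}
{"CreationTime":"2024-05-02T10:05:12","Operation":"Set-Mailbox","UserId":"admin@example.com","ClientIP":"198.51.100.7","Parameters":[{"Name":"Identity","Value":"alice@example.com"},{"Name":"ForwardingAddress","Value":"alice.assistant@example.com"}]}
"""

RULE_OPS = {"New-InboxRule", "Set-InboxRule"}
FORWARD_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                  "ForwardingSmtpAddress", "ForwardingAddress"}
# Folders attackers move stolen correspondence into so the owner never sees it.
HIDE_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history",
                "junk email", "deleted items", "archive"}


def params(record):
    """Flatten the Name/Value parameter list into a dict."""
    return {p["Name"]: p["Value"] for p in record.get("Parameters", [])}


def is_external(address):
    addr = address.strip().lower().removeprefix("smtp:")
    return "@" in addr and not addr.endswith("@" + INTERNAL_DOMAIN)


def classify(record):
    """Reasons this record deserves an alert; empty list if it looks benign."""
    op = record.get("Operation", "")
    p = params(record)
    reasons = []
    if op in RULE_OPS | {"Set-Mailbox"}:
        for name in FORWARD_PARAMS.intersection(p):
            if any(is_external(t) for t in p[name].split(";")):
                reasons.append(f"{op} sets {name} to external address {p[name]}")
    if op in RULE_OPS:
        if p.get("DeleteMessage") == "True" or p.get("MoveToFolder", "").lower() in HIDE_FOLDERS:
            reasons.append(f"{op} hides messages (rule name {p.get('Name')!r})")
        if len(p.get("Name", "x").strip()) <= 1:
            reasons.append("inbox rule with blank or single-character name")
    return reasons


def scan(export_text):
    """Return (time, user, client IP, reason) tuples for every suspicious record."""
    alerts = []
    for line in export_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        for reason in classify(rec):
            alerts.append((rec["CreationTime"], rec["UserId"], rec.get("ClientIP"), reason))
    return alerts


if __name__ == "__main__":
    for when, user, ip, reason in scan(SAMPLE_RECORDS):
        print(f"{when} {user} from {ip}: {reason}")
```

In the sample, the two rules created by ap@example.com from the same outside IP within a minute of each other (one deleting anything about invoices, one forwarding to a webmail address and filing the copy under RSS Feeds) are the classic pattern of a mailbox an attacker has just taken over; the forwarding set on cfo@example.com by an admin account is the other thing to verify against your change records, while Bob's newsletter rule and Alice's internal forward produce no alert.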
Business email compromise scams usually target businesses and the workers who conduct wire transfers or manage supplier payments. They are typically more complex than traditional phishing schemes, combining impersonation, patient monitoring of a compromised mailbox, and hijacked email threads with legitimate business contacts.
A single email click could have disastrous consequences for your business. Follow these tips and make sure your company has the tools it needs to protect itself from business email compromises, phishing, and ransomware.
Report any online fraud or BEC activity to the Internet Crime Complaint Center (IC3) so that authorities are aware of it; if a wire has already been sent, contact your bank immediately as well, since a recall is most likely to succeed in the first hours. Even if your particular case cannot be resolved, authorities combine reports from many victims to track the groups behind these campaigns.