How to Spot & Protect Against BEC Attacks?
Business Email Compromise (BEC) or Email Account Compromise (EAC) attacks have become more frequent.
During the pandemic, many organizations moved to remote operations, which meant that most business conversations took place online. Unfortunately, this opened a gateway of opportunity for hackers and cyber attackers.
According to an FBI report prepared by the Internet Crime Complaint Center (IC3), BEC schemes have seen a surge of 2,370% since 2015, with more than 40,000 regional and international incidents.
The total cost of EAC or BEC attacks has been $5.3 billion, making them one of the most challenging aspects of enterprise operations. So there is no denying that enterprises need better practices to spot and protect their business interactions from such attacks.
So, here is our guide to the best tips for spotting and protecting against BEC attacks. But first, let's discuss what a BEC attack is at its core.
What is a BEC (Business Email Compromise)?
A Business Email Compromise or BEC attack is a type of phishing attack. It occurs when cybercriminals impersonate a senior-level executive or someone at the top of the enterprise hierarchy.
The cybercriminals then use that impersonation to ask employees to transfer funds into fraudulent accounts.
Cybercriminals track specific enterprise communications with higher transaction volumes. They monitor organizations of different sizes to extract information on transactions and, based on the information gathered, decide on the target victim.
Understanding the target victim's persona is essential to avoiding such an attack. Victims are not chosen at random: they are people with proper transactional authority, such as employees who control accounts, third-party service providers, real estate transaction managers, agents, etc.
Now that we know what a BEC attack is and who the target victims are, let's discuss ways to stop them.
Top ways to stop BEC (Business Email Compromise) attacks
BEC attacks have a specific pattern that cybercriminals apply. So, it is essential to understand the pattern, identify critical touchpoints, and safeguard them.
#1. Understand attack patterns
Cybercriminals follow a specific pattern for a BEC attack, and here is how they do it:
- Research is the phase where attackers identify an organization or target victims. They then gather data from different sources such as social media platforms, publicly available information, contact details on websites, and more.
- Attack planning includes building a relationship with the target victims. Cybercriminals use a combination of contact methods such as phone calls and "spoofed" email communications. Through email spoofing, they obtain the critical information used to impersonate a CEO, CFO, or another such persona.
- After weeks of emails and establishing trust with the victims, the social engineering attack takes place.
- The transfer of money takes place through the victim's account. For large organizations, the attack is often discovered too late to trace the funds.
- The final blow is when attackers initiate a money transfer under a legitimate-sounding business reason. The victim believes the transfer to be legitimate because the request came from what looks like an official email address. However, it is a disguise for a fraudulent money transfer.
Now that you know the pattern cybercriminals follow for BEC attacks, you can design your security measures accordingly. The next step is to identify the different methods they employ for information aggregation.
#2. Data aggregation
Data aggregation is critical for any BEC attacker because it is what enables the planning of an attack. However, the old technique of simply hijacking a CEO's or CFO's email address is long gone.
Attackers use the following approaches to first establish communication:
- Email spoofing is an approach where attackers pose as the CEO of a company or organization to aggregate data and establish authenticity. Often it is a disguised mail carrying a seemingly legitimate request.
- Dummy domains are fake domain names that resemble an organization's own. For example, if an organization's CEO uses the address CEO@mydomain.com, attackers will register a look-alike domain and send from CEO@mydoma1n.com (a digit 1 in place of the letter i). This approach targets employees who may not notice the false domain.
- Ghosting is a method where the attacker asks employees to contact an external lawyer or fund manager. The social engineering is not direct, but the BEC attack still occurs through fake email addresses.
These methods help cybercriminals establish communication, gather data, and apply social engineering practices.
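A mail gateway or SOC rule can catch the dummy-domain trick described above by folding a sender's domain into a "skeleton" and comparing it with the organization's real domains. The following is an added example written for this article, not code from the original page; the allow-list `TRUSTED_DOMAINS`, the character swaps and the one-edit threshold are assumptions chosen for illustration.

```python
import unicodedata

# Constructed allow-list of the organization's own domains (assumption for this example).
TRUSTED_DOMAINS = {"mydomain.com"}

# Digits attackers substitute for visually similar letters (e.g. "1" for "l"/"i").
_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def skeleton(domain: str) -> str:
    """Fold a domain into a canonical form so look-alikes collapse onto the original.
    Non-ASCII (e.g. Cyrillic) letters are dropped, which leaves a homoglyph
    domain at most one edit away from the real one."""
    ascii_only = unicodedata.normalize("NFKD", domain.lower()).encode("ascii", "ignore").decode()
    return ascii_only.translate(_SWAPS).replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance by dynamic programming (one row kept at a time)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address: str) -> str:
    """Return 'trusted', 'lookalike' (hold for review) or 'external' for a sender address."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    skel = skeleton(domain)
    for trusted in TRUSTED_DOMAINS:
        if edit_distance(skel, skeleton(trusted)) <= 1:
            return "lookalike"
    return "external"
```

A "lookalike" verdict is a good trigger for a banner on the message or a hold in quarantine, since a genuine partner would rarely register a domain one edit away from yours.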
#3. SPF / DKIM / DMARC implementation
SPF, DKIM, and DMARC are complex email security protocols to implement. However, they are a critical approach to stopping spoofed emails.
- The Sender Policy Framework (SPF) helps restrict unknown entities from sending email on behalf of your domain. It is published in your domain's DNS and prevents spoofing by letting the receiving mail server check whether the message source is authorized to send for that domain. It has a policy framework, an authentication method, and specialized headers.
- DomainKeys Identified Mail (DKIM) is a protocol that helps ensure that the content of an email remains trustworthy and has not been tampered with. It maintains the integrity of the content and helps identify whether it has been compromised.
- Domain-based Message Authentication, Reporting, and Conformance (DMARC) ties SPF and DKIM together with specific security policies. It requires the sender's domain in the "From" header to align with the domain authenticated by SPF or DKIM, and it provides the domain owner with delivery reports from mail recipients.
Email security controls have their limits, but you can continually improve the safety of business transactions to stop BEC attacks.
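The alignment rule is the part of DMARC that actually defeats a spoofed "From" header: a message can carry a valid SPF or DKIM result for the attacker's own domain and still fail. The following is an added example, not code from the original page, that applies DMARC relaxed alignment to the `Authentication-Results` header a receiving server adds; the sample messages are constructed, and `org_domain` assumes a one-label public suffix instead of consulting the Public Suffix List.

```python
import re
from email import message_from_string
from email.utils import parseaddr


def org_domain(domain: str) -> str:
    # Organizational domain, simplified: assumes a one-label public suffix
    # (a production check would consult the Public Suffix List).
    labels = domain.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def parse_auth_results(header: str) -> dict:
    """Parse 'authserv-id; spf=pass smtp.mailfrom=a; dkim=pass header.d=b'
    into {'spf': ('pass', {'smtp.mailfrom': 'a'}), 'dkim': ('pass', {...})}."""
    header = re.sub(r"\([^)]*\)", "", header)      # drop parenthesised comments
    results = {}
    for clause in header.split(";")[1:]:          # clause 0 is the authserv-id
        parts = clause.split()
        if not parts or "=" not in parts[0]:
            continue
        method, verdict = parts[0].split("=", 1)
        props = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
        results[method.lower()] = (verdict.lower(), props)
    return results


def dmarc_verdict(raw_message: str) -> str:
    """'pass' only if SPF or DKIM passed AND that identifier's organizational
    domain matches the From: domain the user sees (DMARC relaxed alignment)."""
    msg = message_from_string(raw_message)
    from_dom = org_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2])
    results = parse_auth_results(msg.get("Authentication-Results", ""))

    def aligned(method: str, prop: str) -> bool:
        verdict, props = results.get(method, ("none", {}))
        return verdict == "pass" and bool(from_dom) and org_domain(props.get(prop, "")) == from_dom

    return "pass" if aligned("dkim", "header.d") or aligned("spf", "smtp.mailfrom") else "fail"


# Constructed sample messages (not real traffic); the receiver-added header is folded.
LEGIT = """From: CEO <ceo@mydomain.com>
Authentication-Results: mx.mydomain.com;
 spf=pass smtp.mailfrom=bounce.mydomain.com;
 dkim=pass header.d=mydomain.com
"""
# From: is spoofed; the passing SPF/DKIM results belong to the attacker's own domain.
SPOOFED = """From: CEO <ceo@mydomain.com>
Authentication-Results: mx.mydomain.com;
 spf=pass smtp.mailfrom=bounce.attacker-domain.example;
 dkim=pass header.d=attacker-domain.example
"""
```

Run `dmarc_verdict(LEGIT)` and `dmarc_verdict(SPOOFED)` to see the legitimate message pass and the spoofed one fail even though both carry spf=pass and dkim=pass.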
#4. Securing transactions
One of the most significant aspects of BEC attacks is the money transaction. Attackers go through all that trouble to manipulate employees into transferring funds. This is where validation can help reduce such incidents.
Here are some tips to follow for transaction validation:
- Ensure that at least three independent signatures are mandatory to validate a transaction.
- Use secure gateways that apply multi-factor authentication to validate transactions.
- Validate vendor accounts before transacting with them for business operations.
- Restrict third-party vendors' access to critical financial accounts.
- Ensure authorization of data access before executing money transfers.
Lastly, a key aspect of stopping BEC attacks is training your employees to identify fraudulent fund transfer requests.
#5. Train your employees
Training employees is essential to help them identify possible fraudulent emails. Dedicated training modules around BEC attacks can help ensure that employees are acquainted with the social engineering practices used.
Further, organizations can also leverage training modules on cybercriminals' BEC methods to raise employee awareness.
With increased exposure to third-party services and tool integrations, security becomes a key factor for success. BEC attacks can hurt an organization and damage users' trust in a brand. Imagine an enterprise with a compromised business email address!
Such scenarios do not inspire confidence in your brand among users. The tips above help protect your enterprise's value.
However, which ones to adopt will depend on your business-specific requirements.