Outsmarting the hackers behind today’s Business Email Compromise attacks

Business Email Compromise (BEC) campaigns have become increasingly prevalent and costly, with the FBI estimating global annual losses in the billions of dollars. This sophisticated form of cybercrime targets organizations by exploiting email systems to deceive employees and manipulate them into performing unauthorized transactions or divulging sensitive information.  

Understanding the mechanisms of BEC and implementing robust preventative measures is crucial for organizations to safeguard their assets and reputation. Here, we’ll look at how these campaigns work and how your organization can safeguard itself against their costly consequences.  

The four stages of a typical BEC campaign

BEC campaigns don’t start with an email. In fact, the initial stage of these attacks involves in-depth research into your organization on the part of the cybercriminals. The more they know about your business, particularly regarding the C-suite leadership, the more masterfully they can craft legitimate-looking messages.  

Here’s a quick summary of how BEC attackers typically prepare and implement their campaigns.  

1. Reconnaissance: Cybercriminals start by gathering information about the target organization. They might study your company’s website, social media profiles, and publicly available financial data to identify key personnel such as CEOs, CFOs, and other decision makers. 
2. Spear phishing: Attackers use targeted phishing emails to gain access to the target organization’s internal systems. Crafted to appear legitimate, these emails contain malicious links or attachments that will install malware or harvest credentials when an employee clicks on them.  
3. Email spoofing or account compromise: In this stage, attackers either spoof an email address to make it appear as if it is coming from a trusted source within the organization or compromise an actual email account through phishing. This allows them to send convincing emails that can bypass many traditional security measures. 
4. Execution and laundering: Once the victim performs the requested action, the attackers quickly move the stolen funds through various accounts to obscure the trail and evade detection. 

Five essential strategies to avoid falling victim to a BEC attack

To mitigate the risk of a damaging BEC attack, organizations should adopt a multi-layered security approach that includes technical defenses, employee training, and stringent policies. Here are a few key steps to consider. 

1. Shore up your email security with advanced authentication and filtering measures. 
   • Implement Multi-Factor Authentication (MFA). MFA adds an extra layer by requiring users to provide two or more verification factors to gain access to email accounts. This can prevent unauthorized access even if credentials are compromised. 
   • Use advanced email filtering. Advanced email filtering can detect and block phishing attempts and malicious attachments. These filters should use machine learning to identify sophisticated threats. 
   • Enable Domain-based Message Authentication, Reporting, and Conformance (DMARC). DMARC helps to prevent email spoofing by verifying that incoming emails are from authorized senders. Configure DMARC along with SPF (Sender Policy Framework) and DKM (Domain Keys Identified Mail) for enhanced email security. 
2. Educate your employees with training and simulations.  
   • Conduct regular training sessions. These sessions should educate employees about the risks of BEC, how to recognize phishing emails, and the importance of not clicking on unknown links or attachments. 
   • Give everyone simulated phishing exercises. Periodically run simulated phishing campaigns to test your employees’ awareness and improve their ability to identify fraudulent emails. 
   • Establish clear reporting channels. These channels are important for employees who need to report suspicious emails or activities. Encourage a culture of vigilance and prompt reporting.
3. Strengthen your organization’s financial controls.
   • Bolster your verification processes. Financial transactions should always have robust verification. For instance, you should require dual approval for wire transfers and changes to payroll information. 
   • Take advantage of voice verification. Voice verification should be required for any significant financial requests received via email.  
   • Implement robust transaction monitoring. Regularly monitor and audit financial transactions for any unusual or unauthorized activities. 
4. Develop and implement incident response plans.
   • Develop a dedicated incident response team. This team should be trained to deal with BEC incidents and include members from IT, finance, legal, and communications. 
   • Create action plans for the event of a possible breach. Develop and regularly update action plans for different types of BDEC scenarios. These plans should include steps for containment, investigation, and recovery. 
   • Be ready to conduct post-incident analysis. After an incident, conduct a thorough analysis to identify how the breach occurred and what measures can be taken to prevent future occurrences. Share lessons learned with the entire organization. 
5. Conduct regular security audits. 
   • Conduct vulnerability assessments. Regular vulnerability assessments and penetration testing are vital for identifying and mitigating potential weaknesses in your email and network security. 
   • Keep your policies up to date. Periodically review and update security policies and procedures to ensure they remain effective against BEC threats. 

For a complex category of cyber threat, proactivity is key

Business Email Compromise is a potent threat that requires comprehensive and proactive measures to prevent. By combining advanced technical defenses, continuous employee education, stringent financial controls, and well-prepared incident response plans, organizations reduce the risk of falling victim to BEC attacks. As cybercriminals continue to evolve their tactics, staying informed and vigilant is essential to maintaining robust cybersecurity defenses.