BEC: The Threat of Sophisticated Attacks

Hacking into "secure" corporate email systems has recently become a lucrative business. To date, compromised business email systems have caused companies worldwide to lose over 2 billion dollars. Because these scams succeed, that number only continues to rise.

This type of email breach is more sophisticated than the scam emails that implant a virus when a user clicks on them. The scheme is designed to have employees wire money to bogus accounts. Many of these emails are created by impersonating key personnel, and doing it well. The messages are socially adept, making them difficult for the regular person to detect. In one example, a CEO was fired after cyber attackers imitated him in an email that lost the company $47 million.

How is it possible for an email scam to cause so much damage? For a cyber attack of this magnitude to be successful, the culprit has to spend quite a bit of time learning about the business they're targeting and its executives. Attackers gain access to email accounts and spend time studying how the targeted person communicates and what the business's financial policies are. When they have mastered the language and nuances necessary to avoid detection, the fake email is sent.

Three different types of emails used in these particular schemes have been identified. The first is a false invoice email. With this email, the scammers request a payment location change to a fraudulent account. The next type of scam is CEO fraud. In this fraud scheme, an email is crafted as being from the CEO, president, managing director, etc., requesting that an urgent transfer be made to a fake account. The third type of email scam is an account compromise where an employee's email account is used to request payments from vendors found in the contacts list. With each of these scams, detection is made difficult because of the time spent learning the language used by each victim.

If business email compromises are so successful, how can you protect yourself from them? The best way is to look at the processes involved in monetary actions. Does an employee need more verification than just an email to transfer money to different accounts? If not, then a second validation of payments needs to be made mandatory, so that an employee who receives what they perceive as a valid request does not lose the business thousands of dollars. Employee education will raise awareness of business email compromise. Ensure your staff reports all successful hacks and any suspicious activity. These simple steps could be what saves you from becoming a victim.

Business email compromise is a sophisticated email scam plaguing businesses worldwide. Billions have been lost already, but your company does not have to join those who have already lost. Mindfulness and education could be the route to preservation for your business.

Allow PalmTech to assist in ensuring not only that your network is secure, but also that your staff is kept abreast of the latest cyberthreats and of the processes that should take place when faced with a scam. Contact us at [email protected] about obtaining a CyberSecurity Consultation & Assessment by September 30th FOR FREE!