Cyber Insiders-v8-web - Flipbook - Page 21
HOW TO PREVENT BUSINESS EMAIL COMPROMISE
Business Email Compromise (BEC)
continues to be a prevalent threat to
businesses across all industries. Over
the course of the past few years, BEC
attacks have evolved to become much
more targeted and manipulative,
which has contributed to its growing
popularity as an attack method.
In its infancy, BEC attacks focused primarily on
bypassing Microsoft 365 multi-factor authentication
(MFA), but now adversaries will often hijack
legitimate email accounts via phishing or social
engineering techniques to trick victims into diverting
money to accounts under control of the fraudster.
According to new figures from the UK’s National
Economic Crime Centre (NECC), reported BEC
incidents have hit 4,600 cases over the past 12 months,
costing individuals and businesses £138 million
in losses, with the average case costing £30,000.
A notable BEC attack earlier this year captured
headlines when Europol dismantled a major Franco-Israeli
cyber-crime group that employed BEC attacks
to divert payments, with the perpetrators managing
to steal over €38,000,000 within a couple of days.
CYBER INSIDERS MAGAZINE - Vol. 2
According to the FBI, BEC has been the highest-earning
cybercrime for the past two years. The
frequency and high cost of BEC emphasise the
need for organisations to implement preventative
strategies and measures across the board.
All organisations are vulnerable to BEC: from
government bodies to schools and non-profit
organisations, everyone is a target.
The objective of each BEC attack strategy is to
initiate a non-standard business process by the
finance, payroll, or human resources department.
CEOs, executives, finance employees, HR managers,
and new or entry-level employees are the roles that
are typically most targeted by BEC scammers, as they
have the access or authority needed to
enable BEC strategies to succeed.
Mitigating BEC attacks requires a good
understanding of attacker strategies and how to
defend against them. Below are some of the most
common attack strategies and some best practices
to stop BEC.