5 Examples of Business Email Compromise Attacks

Develop a BEC Incident Response Plan including emergency contacts with the appropriate financial institutions in case it becomes necessary to stop a transfer. Collaborate with human resource and finance departments to ensure their policies are supported Business Email Compromise by technological solutions. Users should reply by forwarding, and not by hitting the “reply” button, which helps to prevent successful spoofing attacks. Support your team with technology that analyzes every email for BEC risk, in real time.

Explore trending articles, expert perspectives, real-world applications, and more from the best minds in cybersecurity and IT. Bill Toulas is a technology writer and infosec news reporter with over a decade of experience working on various online publications. The attacker logged in to the victim’s account on January 5, 2023, and spent two hours searching the mailbox for good email threads to hijack. This rapid attack progression ensures that the targets will have minimal opportunity to identify signs of fraud and take preventive measures. Attackers only have to be right once while defenders need to be right 100% of the time. To help combat this asymmetric disadvantage, InQuest provides an open research portal that combines crowdsourced efforts with machine learning to combat the likes of Bumblebee and other BEC related threats.

You’ll Receive Insights Like These

This is both highly effective and meets low user resistance since the process is transparent at the user level. Luckily, there are simple, effective ways to get ahead of scammers leveraging Business Email Compromise. Continuously educate all employees and managers with how to stay safe from any further BEC efforts. The use of full names instead of nicknames and a language structure may not match how the supposed sender normally communicates. From the first sign-in to the deletion of the sent email, a total of 127 minutes had passed, reflecting a rush from the attacker’s side. Thread hijackingis a very effective technique making it appear that the fraudulent message is a continuation of an existing communication exchange, so the recipients are far more likely to trust it.

• Download the Definitive Email Security Strategy Guide and get everything you need to stop malware, phishing, and fraud.
• No company is safe from scammers unless it takes security protocols and practices seriously.
• Cybercriminals usually target human resources employees to get personal or sensitive information about the company’s CEOs, executive officers, partners, and investors.
• Business Email Compromise is a type of scam targeting companies who conduct wire transfers and have suppliers abroad.
• Scammers will email employees from embedded contact lists or even call them, earning their trust.

With the growing popularity of remote work, it’s also essential to create your own authentication means when none exists. If you receive a suspicious email from a familiar vendor asking https://www.wave-accounting.net/ for an invoice to be urgently fulfilled, call the vendor to confirm that they sent the email. An attorney’s email identity might be used to pressure the target for immediate payment.

Proofpoint Recognized in 2022 Gartner® Market Guide for Email Security

In addition, fraudsters also carefully research and closely monitor their potential target victims and their organizations. Outside of cybersecurity specialists, most people have never been taught cybersecurity – or they’ve only received very basic training. But employees are the first line of defense against cyberattacks, particularly those like business email compromise. As such, they should be enabled with the proper training and guidance to best prepare them for potential threats. Cybersecurity awareness training on an annual basis is no longer enough, as threat actors change frequently, and awareness dwindles after a certain period. Organizations must conduct frequent, engaging training – particularly with new employees, who are prime targets for business email compromise attacks – to encourage their team to be on high alert for any scams they might encounter.

• As a result, BEC are difficult to detect or prevent with traditional security tools, such as antivirus solutions or endpoint detection and response .
• Learn how to protect your company against business email compromise using Proofpoint’s Business Email Compromise Protection – learn what it is and how it works.
• Employees should be suspicious of demands that do not initiate communication through any medium other than email .