Sign in Subscribe
By Gaurav Maniar

Safeguarding Your Organization Against Business Email Compromise

Discover how to protect your organization from Business Email Compromise (BEC) with recent attack examples, the role of AI and GPT in increasing risks, and how DMARC can prevent BEC. Learn key strategies to safeguard your email security.

5 phases of a Business Email Compromise attack: Reconnaissance, Intrusion, Compromise, Exploitation, Execution

Introduction

Business Email Compromise (BEC) is a sophisticated scam targeting businesses and individuals who perform legitimate transfer-of-funds requests. BEC attacks have become increasingly prevalent and costly, making it crucial for organizations to understand and safeguard against them. This article will delve into the nature of BEC, how to identify signs of such attacks, preventive measures, response strategies, and the role of technology in combating these threats.

Understanding Business Email Compromise

Definition and Mechanics: Business Email Compromise is a cybercrime where attackers gain access to a business email account and spoof the owner’s identity to defraud the company or its partners, customers, and employees.

Common Tactics

  • Spoofing: Using an email address similar to the real one.
  • Phishing: Tricking employees into revealing login credentials.
  • Malware: Installing software to track email communications.

In recent years, there have been several high-profile BEC attacks that underscore the severity of this threat. For instance, in 2020, a global electronics company suffered a loss of $37 million due to a BEC scam that involved fake invoices and fraudulent email communication. Similarly, in 2021, a large social media company was defrauded of over $100 million through a series of well-coordinated BEC attacks.

  1. Toyota Boshoku Corporation: In August 2019, the Toyota subsidiary fell victim to a BEC scam, resulting in a loss of $37 million. Attackers used fraudulent emails to trick the finance department into transferring funds to their accounts.
  2. Puerto Rico Government: In January 2020, the government lost over $2.6 million after receiving emails that appeared to be from legitimate government agencies requesting fund transfers.
  3. Ubiquiti Networks: In 2015, Ubiquiti Networks lost $46.7 million to a BEC attack. The fraudsters posed as company executives and instructed employees to conduct unauthorized wire transfers.
  4. FACC: The Austrian aerospace manufacturer FACC suffered a BEC attack in 2016, losing approximately $47 million. The attackers impersonated the CEO and instructed an employee to transfer the funds.
  5. Crelan Bank: In 2016, the Belgian bank Crelan disclosed that it had lost €70 million to a BEC scam. The attackers used a combination of social engineering and email spoofing to deceive the bank’s finance department.

What a BEC Email Looks Like

A BEC email often appears legitimate initially but contains subtle fraud indicators. Here's an example:

From: John.Doe@yourcompany.com

To: Jane.Smith@yourcompany.com

Subject: Urgent: Confidential Payment Request

Hi Jane,

I hope you're well. We need to process a wire transfer for a new vendor we’ve onboarded. Please see the details below and ensure the payment is made by the end of the day.

Vendor: ABC Supplies Ltd.
Amount: $150,000
Account Number: 123456789
Bank: First National Bank
Swift Code: FNB12345

This is a high-priority payment, so please prioritize it. Let me know once it’s done.

Best regards,
John Doe
CEO, YourCompany

Identifying the Signs of BEC

Common Indicators

  • Unusual Requests: These would be sudden changes in financial transaction practices or unexpected requests for sensitive information.
  • Email Anomalies: Misspellings, incorrect domain names, or changes in email tone.
  • Communication Changes: Requests to bypass standard procedures for urgency.

Detection Tools and Techniques

  • Email Filtering: Advanced filters to detect spoofing and phishing attempts.
  • Employee Training: Regular awareness programs to recognize phishing and suspicious emails.

Preventative Measures to Protect Your Organization

Email Security Protocols

  • Multi-Factor Authentication (MFA): Requires multiple verification forms to access email accounts.
  • Secure Email Gateways: Block malicious emails and attachments.
  • Secure your Email with DMARC: Domain-based Message Authentication, Reporting & Conformance (DMARC): This protocol helps prevent email spoofing by allowing domain owners to specify how their emails should be handled. DMARC works alongside SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) to authenticate email senders and block malicious emails. Following are more details about DMARC:

a. Authentication: DMARC authenticates the sender's identity,ensuring emails are from the claimed source. It prevents cybercriminals from using your domain to send fraudulent emails.

b. Visibility: DMARC provides detailed reports on email authentication results, giving organizations visibility into who is sending emails on their behalf and identifying any unauthorized use of their domain.

c. Policy Enforcement: DMARC allows organizations to specify how to handle emails that fail authentication checks, such as rejecting or quarantining them. It helps prevent phishing emails from reaching the inbox.

d. Brand Protection: By preventing domain spoofing, DMARC protects the organization's brand reputation and reduces the risk of customers falling victim to phishing scams.

Implementing DMARC involves several steps:

    1. Set Up SPF and DKIM: Before setting up DMARC, organizations must implement SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). SPF specifies which IP addresses are allowed to send emails on behalf of your domain, while DKIM adds a digital signature to emails, verifying that they haven't been altered in transit.
    2. Publish DMARC Record: Create and publish a DMARC record in your domain's DNS. This record specifies your DMARC policy and provides instructions on handling emails that fail authentication checks.
    3. Monitor and Adjust: Use DMARC reports to monitor email authentication results and adjust your policies as needed. It helps ensure that legitimate emails are delivered while preventing fraudulent emails from reaching their target.

Employee Education

  • Training Sessions: Regularly scheduled to keep employees updated on new threats.
  • Simulated Phishing: Helps employees practice recognizing and reporting suspicious emails.

Cybersecurity Policies

  • Clear Guidelines: Define acceptable email use and transaction protocols.
  • Incident Response Plans: Ensure immediate action steps are evident in case of an attack.

Responding to a BEC Incident

Immediate Actions

  • Isolate Affected Accounts: Prevent further unauthorized access.
  • Notify Authorities: Inform law enforcement and relevant stakeholders.

Thorough Investigation

  • Analyze the Breach: Understand how the attack occurred.
  • Identify Vulnerabilities: Pinpoint weaknesses in the system.

Remediation and Recovery

  • System Restoration: Return to normal operations securely.
  • Implement Additional Measures: Strengthen defenses to prevent recurrence.

The Role of Technology in Combating BEC

Advanced Email Security Solutions

  • AI and Machine Learning: Detect patterns and anomalies indicative of BEC.
  • Automated Response Systems: Quickly mitigate detected threats.

Regular Updates and Patches

  • Keeping systems and software updated to protect against new vulnerabilities.

Threat Intelligence and Cybersecurity Services

  • External Expertise: Utilize services specializing in threat detection and response.

Conclusion

Protecting against Business Email Compromise requires a proactive, comprehensive approach involving technology, employee education, and robust security policies. Organizations can significantly reduce the risk of falling victim to BEC attacks by staying vigilant and continuously improving security measures.

FAQs

  1. What is Business Email Compromise?
    • BEC is a cybercrime where attackers gain access to business email accounts to defraud organizations by impersonating executives or trusted partners.
  2. How can I identify a BEC attempt?
    • Look for unusual requests, email anomalies, and sudden changes in communication patterns.
  3. What are the immediate steps to take if BEC targets my organization?
    • Isolate affected accounts, notify authorities, and begin a thorough investigation.
  4. How often should employee training on BEC be conducted?
    • Regularly, at least once a quarter, to ensure employees are aware of the latest threats and how to respond.
  5. What role does technology play in preventing BEC?
    • Advanced security solutions, AI, machine learning, and automated response systems are crucial in detecting and mitigating BEC threats.
  6. What is DMARC, and how does it help prevent BEC?
    • DMARC is a protocol that helps prevent spam by specifying how emails should be handled, working alongside SPF and DKIM to authenticate email senders.

Subscribe to Phisher Safe by SimpleDMARC

Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe