Blog Post January 19, 2023

Business Email Compromise Warning Signs and Defense

By: Brittany Demendi, Corporate Communications Manager

According to recent FBI warnings, Business Email Compromise (BEC) scams are rising for organizations in the United States, naming them the $43 billion scam in 2022. Cybercriminals use these scams to ruthlessly target small to medium-sized businesses by researching and posing as vendors or employees attempting to siphon money. BEC scams do not require much sophistication, making them simple yet effective.  

This blog identifies how a BEC scam works and how an organization can better protect itself before falling victim.   

How Does a BEC Attack Work? 

Cybercrime is an evolving game, and cybercriminals adjust their strategies and tactics as security increases. BEC attacks don’t need a tradecraft or advanced tool to execute so they can be presented in many forms. Here is how a typical attack can operate and run its course: 

Research Target 

Launch Attack OR Social Engineering 

Winner, Winner 

  • Research Target: Cybercriminals research and prepare for an attack by sifting through business email databases, mining LinkedIn profiles, or even searching company websites for information. They then carefully craft an email to the targets.  
  • Launch Attack Option 1 – Phishing: Cybercriminals start their BEC attacks by sending out mass emails to see whom they can catch. During this phase, they use fake email names and look-alike domains to trick employees into thinking it’s a legitimate email and ultimately get them to click the link.  
  • Launch Attack Option 2 – Social Engineering: Cybercriminals impersonate employees, specifically CEOs, attorneys, or vendors, to build trust with the target. They typically ask for an urgent request so that the employee will act immediately.  
  • Winner, Winner: Cybercriminals make a financial gain or obtain account compromise. The cybercriminal successfully fooled the employee into believing that they were someone else.  

How to Prevent a BEC Attack 

Cybercriminals leave breadcrumbs before an actual attack occurs. In 2022, the average time to identify and contain an attack was 277 days. When you break it down, it took 207 days to identify the breach and an additional 70 days to contain it, according to IBM Report. If we can identify and contain breaches early, for example, in Phase 2, we can mitigate the financial damage and loss to an organization. The goal is to incorporate security awareness into every department, making it a part of the company culture and continuously testing the strength of your security.  

Security Culture and Human Intelligence   

Many account compromises, data breaches, and ransomware attacks could have been avoided. As an organization, you can take as many preventative measures and precautions as possible to mitigate the risk of an attack, and all it will take is a simple human error to put you at risk.  

The good news is that there are measures organizations can take, such as implementing robust, Proactive Security Awareness Training. These programs empower employees to identify and report suspicious activity as the first line of defense during Phase 2 of an attack. It’s essential that training is not one-off sessions. The program is more efficient when it is consistent training that facilitates a positive cybersecurity culture, along with testing employees’ knowledge, so they are better prepared for when an actual BEC attack occurs.  

The type of culture built at your organization directly impacts your success. For more tips, in a previous blog post, we outlined different ways to create a culture focused on security.   

Test Your Security Strength and Protection 

In addition to equipping employees with the proper knowledge, consistently testing your defenses is another proactive solution. Specifically, testing the Microsoft 365 (M365) environment will not only identify where gaps are in your protection, but it will test how your security stacks up to top tactics used to compromise accounts. Millions of organizations use M365, making it a popular target for cybercriminals mainly due to the amount of data and information they have access to when successfully compromising an account.  

Security teams often lack the proper resources to identify risk areas and test their security programs. However, the free tool, M365 BEC Simulation Tool, allows organizations to test different scenarios that can compromise accounts on their security defense. The tool will also test to see how protected they are and are a huge help against BEC and ransomware attacks.  

The free M365 BEC Simulation Tool can be highly beneficial because it tests the most common attacks cybercriminals use, such as brute force attack-to-success, logins using Tor to breach an account, and a successful login from a foreign country. In a recent blog post, we go into detail about how each one of these tactics works and what your proactive solution is against them.   

The Proactive Approach

BEC attacks are low-risk, high-reward ways cybercriminals take advantage of employees and the security gaps within an organization’s defense. With smaller businesses being the number one target for BEC scams, cybercriminals know they typically have lower budgets for security. A light at the end of the tunnel, and free tools are available to you.  

In addition, Managed Detection and Response Security Operation platforms and Managed Detection and Response (MDR) services are an extension of your security team by delivering top talent and expertise for a cost-effective rate. BEC attacks are rapidly growing and are the most financially damaging. What are you going to do to mitigate the risk?