What is Business Email Compromise?
Business Email Compromise (BEC) uses social engineering tactics to gain an employee's confidence and convince them to give up their credentials, change banking details, or transfer funds, or to steal data.
According to the FBI, BEC monetary losses since 2015 are in the billions. It affects thousands every year, and doesn’t discriminate between small, midsized, and large businesses. Everyone is at risk! Learn how to protect yourself…
Social Engineering Tactics
Phishing: Sending fraudulent communications with the intent to steal login credentials, install malware, or infiltrate the mailbox of an unsuspecting recipient.
Spoofing: Sending email messages with a forged sender address or domain name. Often the forged address differs from the real one by a single character. If the sender’s mailbox has been compromised, spoofing is not required.
Spear-Phishing: Targeted phishing that prioritizes decision makers and those who handle money, like executives and accountants.
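The single-character difference described under Spoofing can be checked mechanically. The following is an added example, not part of the original page: it flags a From: domain that is one edit away from a domain you trust. The allow-list, the function names and the sample headers are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed allow-list; example.com and example-bank.com are placeholders.
TRUSTED_DOMAINS = {"example.com", "example-bank.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_sender(from_header: str, trusted=TRUSTED_DOMAINS) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a From: header value."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unknown"
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    if domain in trusted:
        # An exact match only says the domain is right. A compromised
        # mailbox sends from the real domain and lands here too.
        return "trusted"
    if any(edit_distance(domain, t) == 1 for t in trusted):
        return "lookalike"
    return "unknown"


# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Pat Lee <pat.lee@example.com>",
    "Pat Lee <pat.lee@examp1e.com>",    # 'l' replaced by '1'
    "Accounts <ap@example-bnk.com>",    # one character dropped
    "Newsletter <news@unrelated.test>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify_sender(header):9}  {header}")
```

A message that forges the exact trusted address passes this check, so it complements SPF, DKIM and DMARC validation rather than replacing it.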
Anatomy of an Attack:
- Step 1: Identify a Target
- Step 2: Grooming
- Step 3: Exchange of Information
- Step 4: Wire Transfer
Types of Business Email Compromise:
- Bogus Invoice Scheme
- CEO Fraud
- Account Compromise
- Attorney Impersonation
- Data Theft
What is the Identity Perimeter?
Combating Business Email Compromise requires an organizational shift in your security practices. That starts with protecting each employee’s identity and login credentials.
Before the digital age, most of your corporate assets could be reasonably secured using locks on file cabinets, security cameras, and loyal employees. Once the digital age hit, it became more difficult to protect your organization. Securing your network required more effort, including restricting what devices could access data, hiring IT administrators, and deploying server firewalls. But then, there was the cloud revolution. With data moving off private servers and onto cloud services, your business assets are now protected only by the strength of your employees’ login credentials.