How You Can Minimize the Risk of Business Email Compromise

Businesses typically use email for all kinds of important internal and external correspondence. An organization’s members and its customers develop a level of trust in the email system that allows them to conduct business and exchange sensitive or confidential information under the right circumstances. Threat actors often attempt to leverage this trust by compromising a company’s business email system.

What is Business Email Compromise?

Business Email Compromise (BEC) is a type of cyberattack where a threat actor employs social engineering techniques such as spear phishing and whaling to gain access to a victim’s email account. The compromised email account is then used to impersonate the victim.

Successfully compromising an email account allows the perpetrator to send fraudulent emails to employees, customers, or business partners. The goals can be to extract money from the recipients or obtain sensitive information. BEC attacks are difficult to detect because they exploit their victims through manipulation and deception that are beyond the means of technical security solutions to identify.

How do Threat Actors Conduct Business Email Compromise?

The 2022 FBI Internet Crime Complaint Center (IC3) report places BEC first in its annual list of cyber threats. The report indicates the Bureau received 21,832 BEC complaints with adjusted losses totaling over $2.7 billion. The Bureau also states that attackers’ techniques are continuing to become more sophisticated. Recent attacks have used compromised custodial accounts from financial institutions and cryptocurrency exchanges. Current scams are also enticing victims to send funds directly to cryptocurrency platforms where they are quickly and untraceably dispersed.

Multiple variations of BEC scams are used by threat actors as they attempt to deceive an organization’s employees and customers.

• Scammers attempt to steal data that can be used for further exploitation such as login credentials and account numbers.
• Fraudulent invoices are disseminated to customers with instructions on how to pay to a dummy or compromised account.
• CEO or upper management spoofing is a powerful weapon that can result in employees being enticed into committing security violations or exposing valuable enterprise data to scammers.
• Impersonating lawyers or other professional services enables scammers to trick victims into divulging sensitive information or transferring funds.
• Compromising the business email account of any level employee gives an attack a trusted platform from which to exploit an organization’s employees and computing environment.

Why is Business Email Compromise so Damaging?

BEC can be extremely damaging to the victimized organization. Due to the trust placed in the compromised victims of BEC attacks, threat actors have an increased probability of success when perpetrating scams. The most common results of a successful BEC attack include:

• Financial losses from being enticed to transfer funds for a fraudulent reason or to a compromised account;
• Data loss involving sensitive enterprise and customer data by fraudulently obtaining login credentials;
• Destroying customer trust by being subjected to fraudulent emails coming from a compromised business account;
• Gaining access to a company’s IT or IoT environment for further exploitation or to plant malware.

Examples of BEC in Action

Business email compromise is not just a theoretical cyberthreat as demonstrated by the information provided by the FBI’s IC3 report. The following examples of BEC illustrate some of the tactics used by threat actors and the damages that can be incurred by their victims.

• Google and Facebook - This demonstrates that large corporations are not immune to the dangers of BEC. Between 2013 and 2015, the companies paid over $100 million in fraudulent invoices to a group of cybercriminals. The criminals used compromised accounts from a hardware company that did business with Google and Facebook.
• The Government of Puerto Rico - Fraudsters stole $2.6 million from the Puerto Rican government’s Industrial Development Company by using deceptive emails that indicated a new bank account should be used for payments. Money was unwittingly sent to the account by employees.

Protecting Yourself From Business Email Compromise

Organizations need to take the appropriate protective actions to guard against BEC scams. These measures have to be followed by everyone in the company, including user upper management and C-level executives. In many cases, the targets of BEC attacks hold positions of authority and responsibility that increase their value in the eyes of an attacker.

The following protective actions should be taken throughout the organization.

• Implement a program of security awareness training that is renewed annually. Everyone needs to understand their role in protecting the company and any new tactics used by threat actors.
• Be extremely cautious when sharing information online. If there is any doubt concerning the legitimacy of a request, verify it by contacting the requestor directly.
• Don’t use the number included with a suspicious message to verify the sender’s identity. Look the number up independently before calling.
• Authenticate all email addresses and URLs for potential fraud. Scammers often use a legitimate-looking address by replacing a single character that leads to a fraudulent site.
• Verify payment and purchase requests through alternate channels.
• Be very wary of requests to transfer funds or divulge information immediately.
• Guard against cleverly crafted emails using AI technology that impersonate trusted sources.

How Can XDR Help Protect Against BEC?

Extended detection and response (XDR) is an important component of a comprehensive and holistic approach to cybersecurity. An XDR solution complements your existing cybersecurity posture with the addition of advanced threat detection that goes beyond the capability of traditional security solutions.

Organizations can expect the following benefits from implementing an XDR platform.

• Consolidated telemetry in a single pane of glass for enhanced threat detection. XDR integrates the functionality of the tools performing email hygiene and other security solutions that generate alerts in a single, centralized location so important warnings are not missed.
• Detecting lateral movements that can indicate intruders have gained access to the infrastructure. In addition to attempting to extract financial gains as the result of a BEC attack, threat actors may have planted malware that escapes detection from traditional cybersecurity tools.
• Prioritizing threats for more productive use of security resources. Rather than chasing down unimportant alerts, teams can focus on the threats that jeopardize the business.

Samurai offers businesses of all sizes a cloud-based XDR solution that improves their security posture. Using a combination of advanced threat intelligence and visibility into the complete digital estate, Samurai XDR identifies threats to your environment that are undetectable by traditional security tools.

Talk to Samurai today and learn how you can incorporate this advanced threat detection platform to combat the increasingly sophisticated attempts to compromise business email and your organization.