Cybercriminal Profits Soar from Business Email Compromise (BEC) Scams

by: Katie Sloane on Nov, 28, 2018 | 0 Comments
 hero Image

Earlier this year, the FBI reported that $12 billion in losses were caused by Email Account Compromise (EAC) and Business Email Compromise (BEC) since 2013. As barriers for entry to BEC diminish and new methods to monetize this type of fraud emerge, these losses are expected to rise.

The following article covers the latest BEC attack approaches and provides actionable security tips to help you mitigate business risks.

BEC Attack Techniques 

We've discussed social engineering and ransomware in depth, but today we're uncovering an unprecedented attack vector that's growing across criminal forums.

Conventional methods for performing a BEC scam, including, but not limited to, email spoofing and social engineering, have proved effective and lucrative for cybercriminals for some time. However, we’re witnessing new techniques arising that are enabling threat actors to breach business email accounts faster and more efficiently.

Adversaries are leveraging email inboxes not only to request wire transfers but to steal sensitive financial information stored in accounts or request that information from other personnel. 1793-600-375

Frequently, account credentials and sensitive data are sold across marketplaces and criminal forums, exposed through various means, including:

  • Unauthenticated or misconfigured file-sharing services
  • Third-party compromises
  • Paying for access or outsourcing to cyber criminals for a fee
  • Previously compromised credentials reused for several accounts

Risk Mitigation Tips

So, what can your company do to help mitigate the risks of BEC fraud? We've outlined six security measures: 

  • Invest in security awareness training and ensure it covers BEC scams.
  • Integrate cybersecurity education into your onboarding process for new hires and conduct security training company-wide.
  • Work with a Cybersecurity Advisory Services firm that specializes in cybersecurity risk management to assess your risk profile and determine sound solutions for your business.
  • Use unique, strong passwords and limit access for email archives to prevent public exposure.
  • Use multi-factor authentication
  • Monitor for compromised credentials

For more information about how your business can improve its approach to cybersecurity risk management and help prevent Business Email Compromise (BEC) scams, contact a cybersecurity specialist at Align here. Alternatively, click on the button below.

Contact Us ➜


Tags: Cybersecurity, Managed Services

Related Articles

Align COO Vinod Paul Featured on Cavelo Insider


Align COO Vinod Paul Featured on Cavelo Insider

Align Chief Operating Officer Vinod Paul joined James Mignacca of Cavelo as a guest on their Cavelo

Read More >

Align Featured in 2022 US Hedge Fund Start-Up Guide by Hedgeweek


Align Featured in 2022 US Hedge Fund Start-Up Guide by Hedgeweek

Hedgeweek released their 2022 US Hedge Fund Start-Up Guide, featuring Align's John Araneo, General

Read More >