Earlier this year, the FBI reported that $12 billion in losses were caused by Email Account Compromise (EAC) and Business Email Compromise (BEC) since 2013. As barriers for entry to BEC diminish and new methods to monetize this type of fraud emerge, these losses are expected to rise.
The following article covers the latest BEC attack approaches and provides actionable security tips to help you mitigate business risks.
We've discussed social engineering and ransomware in depth; today we're covering an attack vector that is growing rapidly across criminal forums: the trade in compromised business email accounts.
Conventional methods for performing a BEC scam, including, but not limited to, email spoofing and social engineering, have proved effective and lucrative for cybercriminals for some time. However, we’re witnessing new techniques arising that are enabling threat actors to breach business email accounts faster and more efficiently. Adversaries are leveraging email inboxes not only to request wire transfers but to steal sensitive financial information stored in accounts or request that information from other personnel.
Frequently, account credentials and sensitive data are sold across marketplaces and criminal forums, exposed through various means, including:
- Unauthenticated or misconfigured file-sharing services
- Third-party compromises
- Paying for access or outsourcing the compromise to cybercriminals for a fee
- Previously compromised credentials reused for several accounts
So, what can your company do to help mitigate the risks of BEC fraud? We've outlined six security measures:
- Invest in security awareness training and ensure it covers BEC scams.
- Integrate cybersecurity education into your onboarding process for new hires and conduct security training company-wide.
- Work with a Cybersecurity Advisory Services firm that specializes in cybersecurity risk management to assess your risk profile and determine sound solutions for your business.
- Use unique, strong passwords and limit access to email archives to prevent public exposure.
- Use multifactor authentication.
- Monitor for compromised credentials.
For more information about how your business can improve its approach to cybersecurity risk management and help prevent Business Email Compromise (BEC) scams, contact a cybersecurity specialist at Align.