Cybercriminal Profits Soar from Business Email Compromise (BEC) Scams

by: Katie Sloane on Nov, 28, 2018 | 0 Comments
 hero Image

Earlier this year, the FBI reported that $12 billion in losses were caused by Email Account Compromise (EAC) and Business Email Compromise (BEC) since 2013. As barriers for entry to BEC diminish and new methods to monetize this type of fraud emerge, these losses are expected to rise.

The following article covers the latest BEC attack approaches and provides actionable security tips to help you mitigate business risks.

BEC Attack Techniques 

We've discussed social engineering and ransomware in depth, but today we're uncovering an unprecedented attack vector that's growing across criminal forums.

Conventional methods for performing a BEC scam, including, but not limited to, email spoofing and social engineering, have proved effective and lucrative for cybercriminals for some time. However, we’re witnessing new techniques arising that are enabling threat actors to breach business email accounts faster and more efficiently.

Adversaries are leveraging email inboxes not only to request wire transfers but to steal sensitive financial information stored in accounts or request that information from other personnel. 1793-600-375

Frequently, account credentials and sensitive data are sold across marketplaces and criminal forums, exposed through various means, including:

  • Unauthenticated or misconfigured file-sharing services
  • Third-party compromises
  • Paying for access or outsourcing to cyber criminals for a fee
  • Previously compromised credentials reused for several accounts

Risk Mitigation Tips

So, what can your company do to help mitigate the risks of BEC fraud? We've outlined six security measures: 

  • Invest in security awareness training and ensure it covers BEC scams.
  • Integrate cybersecurity education into your onboarding process for new hires and conduct security training company-wide.
  • Work with a Cybersecurity Advisory Services firm that specializes in cybersecurity risk management to assess your risk profile and determine sound solutions for your business.
  • Use unique, strong passwords and limit access for email archives to prevent public exposure.
  • Use multi-factor authentication
  • Monitor for compromised credentials

For more information about how your business can improve its approach to cybersecurity risk management and help prevent Business Email Compromise (BEC) scams, contact a cybersecurity specialist at Align here. Alternatively, click on the button below.

Contact Us ➜

 

Tags: Cybersecurity

Related Articles

 
Remote Work Raises Cybersecurity, Complacency Fears for Hedge Funds

Cybersecurity

Remote Work Raises Cybersecurity, Complacency Fears for Hedge Funds

The following article originally appeared in FundFire and was written by Lydia Tomkiw.  Hedge funds

Read More >

Hackers Seize $10 Million from Sovereign Wealth Fund

Cybersecurity

Hackers Seize $10 Million from Sovereign Wealth Fund

Cybercrime poses a severe threat to the integrity and preservation of established and emerging

Read More >