Earlier this year, the FBI reported that Email Account Compromise (EAC) and Business Email Compromise (BEC) have caused $12 billion in losses since 2013. As barriers to entry for BEC diminish and new methods to monetize this type of fraud emerge, these losses are expected to rise.
The following article covers the latest BEC attack approaches and provides actionable security tips to help you mitigate business risks.
We've discussed social engineering and ransomware in depth, but today we're uncovering an unprecedented attack vector that's growing across criminal forums.
Conventional methods for performing a BEC scam, including, but not limited to, email spoofing and social engineering, have proved effective and lucrative for cybercriminals for some time. However, new techniques are emerging that enable threat actors to breach business email accounts faster and more efficiently.
Adversaries are leveraging email inboxes not only to request wire transfers but also to steal sensitive financial information stored in accounts or to request that information from other personnel.
Frequently, account credentials and sensitive data are sold across marketplaces and criminal forums, exposed through various means, including:
So, what can your company do to help mitigate the risks of BEC fraud? We've outlined six security measures:
For more information about how your business can improve its approach to cybersecurity risk management and help prevent Business Email Compromise (BEC) scams, contact a cybersecurity specialist at Align.