Business Email Compromise or BEC takes place when an attacker gains access to your corporate email system and impersonates someone familiar in order to attempt to defraud your organisation.
The unsuspecting employee who receives the email thinks they are corresponding with the person the email purports to come from, but in reality, they are directed by the attacker to click on a dodgy website or download malware. It’s estimated that over 9 out of 10 cyber attacks start with an email.
What does Business Email compromise look like?
BEC takes the form of a fake email which is sent to an employee in order to trick them into doing something that will allow the attacker to gain financially. These are known as phishing emails and purport to be from a colleague, a senior member of your organisation, or even a supplier. The intent behind them is to persuade the recipient to share sensitive and business critical information.
Attackers often scan press releases, social media accounts and other publicly available correspondence to find suitable representatives to imitate such as a senior executive, perhaps someone in your finance department. By using the name of a person or a company you are likely to be familiar, they hope you will click on the content without thinking twice.
Attackers might also use a spoof email address, which is very slightly different to the email address you would expect to be replying to. For instance, instead of firstname.lastname@example.org the attacker might send an email from email@example.com. Or there might be a fake attachment which is supposed to be an invoice that is due to be paid.
How do you detect if an email is fake or real?
It can be very hard to distinguish between a real and fake email. The hint is often in the grammar or spelling which may, on closer inspection, look a bit odd.
There is often a call to action or a sense of urgency – ‘reply to me as soon as possible’, ‘click on this link to download the document’, 'send me this payment straight away’, etc. And this is the part that the recipient tends to focus on, often rushing to respond rather than taking time to realise that there are small indicators that the email is suspicious.
Why is Business Email Compromise so common?
The short answer is because it is so easy for the attackers to carry out. Most organisations still rely on email to communicate while at work.
The attackers rely on social engineering, praying on our nature as employees to read emails and respond to them quickly, for instance if we are catching up after being off for the weekend or after annual leave. This has worked particularly well for them during the COVID-19 crisis as they have honed in on our eagerness to receive information about our health and how to stop the virus it spreading.
How do we stop Business Email Compromise?
Defending your organisation against BEC requires a combination of education, processes and technology. Educating your employees on email best practice is part of a successful approach to reduce the chance of falling victim however you need to have the technology and processes in place to back that up.
A comprehensive approach like this can be a struggle, particularly if your IT team is already hard-pressed to cope with their existing workloads.
iomart’s managed security service combines Artificial Intelligence, the latest security technology and years of industry knowledge and experience to help you achieve peace-of-mind. It analyses your email traffic, communication patterns and content 24/7 to build a pattern of what normal email behaviour looks like in your organisation. Using self-learning, our service constructs the style, content, behaviour and intention of authentic emails in your organisation in order to highlight those that are intent on compromise. When a threat is uncovered, we take rapid action to deal with it.
Find our more by downloading our managed security brochure.
If you would like iomart to review your email security, please get in touch.