Preventing A Business Email Compromise Attack Through Key Steps

Around 65 percent of organizations reported facing a business email compromise (BEC) attack in 2020. These attacks target people at the top of organizations, especially CEOs, CFOs, senior managers and directors, and professionals in human resources, finance, and other key departments.

Why are BEC attacks successful? Because attackers craft emails that are deceptively similar to legitimate ones, and the targets are busy professionals for whom a plausible request from the boss or a supplier is routine. This post discusses ways to prevent business email compromise attacks.

A business email compromise (BEC) attack – what is it?

A business email compromise (BEC) attack is a targeted phishing scam in which the attacker either impersonates a legitimate email account or takes it over. Such attacks rely on social engineering tactics and techniques to win the recipient's confidence.

In such an attack, intruders impersonate a top-level executive, supplier, or business partner to trick the recipient into an action such as transferring a sum of money to a fraudulent account.
Because BEC emails typically carry no malicious attachment or link, content-scanning defences built to catch malware have nothing to detect. BEC has become the leading vector for payment fraud attempts, well ahead of methods like stolen debit and credit cards.

Preventing a Business Email Compromise (BEC) attack – key tips for doing so

In 2019 the FBI's Internet Crime Complaint Center (IC3) recorded more than 23,000 complaints about business email compromise, with losses above USD 1.7 billion. Here are some key tips from experts at a DDoS protection service agency in North York, Ontario, to help prevent BEC attacks:

Being on the lookout for suspicious emails from top management executives

Fraudulent email messages can be hard for employees to spot. Employees should confirm any unusual request with the apparent sender or with the relevant team, using a channel other than the email itself, to verify the sender's identity.

Attention must also be paid to the subject line and the headers (the From address, the Reply-To address, and the sending domain) for anomalies, alongside suspicious content. If an employee sees any sign of a BEC attempt, they should not reply to the email, even briefly, and should instead report it to the security team.

Recognizing an impersonation attack

An impersonation attack usually involves an email that appears to come from a trusted source. Employees should apply a zero-trust mindset to any outreach, external or apparently internal, that asks for money, credentials, or data. There are several signs that point to an impersonation attack:

• Attackers use an urgent tone and language to add pressure, so that employees act before checking. Ask whether the request makes sense: how often does a CEO genuinely need an employee to restore their network access because they were locked out? If an email is suspicious, the employee should contact the purported sender through a known channel (in person, or a phone number already on file, never a number given in the email itself) and verify the request.
• Attackers stress privacy, confidentiality, or both, because they want to stop the employee from discussing the message with colleagues. Employees understand how important confidentiality is for companies, but a request to keep a payment or data transfer secret from the people who would normally approve it is itself a warning sign.

Configuring email systems with anti-spam and anti-spoofing measures

Organizations can make it harder for attackers to send fake emails from their domains by configuring anti-spoofing controls in DNS.

The first is the Sender Policy Framework (SPF). It lets an organization publish which hosts are trusted to send mail for its domain. An SPF record is a DNS TXT record that lists the IP addresses (and referenced domains) allowed to send email on behalf of the domain, ending with a rule such as -all that tells receivers to reject everything else.

The second is DomainKeys Identified Mail (DKIM). It is a form of email authentication in which the sending server signs each message with a private key; the matching public key is published in DNS, so any recipient can validate the signature and confirm that the message was not altered in transit.

Emails signed with DKIM look more legitimate to receiving systems and are less likely to land in junk or spam folders. However, DKIM is optional and not universally deployed, and a valid signature only proves which domain signed the message, not that the visible From address is genuine.

The third is Domain-based Message Authentication, Reporting, and Conformance (DMARC). It builds on SPF and DKIM, so at least one of them must be in place for the email domain. DMARC adds what the other two lack: it requires the domain that passed SPF or DKIM to align with the domain in the visible From header, publishes a policy (p=none to monitor, p=quarantine to send failures to junk, p=reject to refuse them), and delivers reports showing who is sending mail in the domain's name. Start with p=none and review the reports, then move to p=reject once all legitimate senders are accounted for. Note that these controls only stop exact spoofing of your own domain; they do nothing against lookalike domains or a genuinely compromised account, which is why the verification steps above remain necessary.
