Business email compromise is a type of targeted phishing (spear phishing) in which a threat actor either accesses or mimics a genuine business email account to defraud the business. This tactic relies on exploiting the assumed trust that victims have in emails coming from what appear to be genuine sources. Often, these scams target employees working in financial departments or executives who have the power to transfer money from business accounts to bank accounts under the control of the threat actor.
BEC scams are multi-layered attacks that begin by conducting reconnaissance to identify appropriate targets. Hackers can scour company websites or LinkedIn profiles to build out a profile of who works for the company and who is likely to have the appropriate privileges to transfer money from business accounts.
After the initial reconnaissance, attackers choose how they’re going to dupe victims into believing that their fraudulent emails are coming from a legitimate source. One common technique is email spoofing, which forges email headers to make it appear that the message comes from a trusted source. Another avenue is credential theft, where threat actors get their hands on credentials for genuine business email accounts and impersonate the owner of those accounts.
Piggybacking off the trust that targets have in these business email accounts, the attacker then crafts a spear-phishing email and creates a sense of urgency about transferring money to a designated account. Sometimes, there’ll be an intermediate step in which the attacker either uses malware or convinces the target to insert them into email threads about company payments. This intermediate step provides more information about typical payment flows and may even help refine their targets.
There are many different types of BEC attacks. Since these scams do not always use traditional attack vectors such as attachments or malicious links, they may evade detection safeguards that key on those indicators.
Knowing what types of BEC attacks exist can help keep you from becoming a victim.
Account takeover uses a trusted employee or executive’s email account to solicit vendors for invoice payments with new bank account information. Then these invoice payments are deposited into criminal bank accounts.
CEO fraud attacks involve impersonations of the CEO or other C-Suite executives. The attacker uses fraudulent credentials to direct employees in financial roles to transfer money to specific accounts.
Credential theft attacks are often the catalyst for account takeover attacks. These attacks involve stealing a victim’s proof of identity using phishing tools like fake login pages or keystroke loggers. Once an attacker gains access to a victim’s account privileges, there is an open back door. They can sell those credentials on the dark web or use them to inflict massive financial and reputational damage on your organization.
Invoice attacks involve impersonating an external partner or vendor, an internal employee, or a brand to deliver a fraudulent invoice request. Often the attacker requests fund transfers that unsuspecting employees then deposit into criminal bank accounts. These requests contain no malware, so they go undetected by secure email gateways (SEGs).
Invoice attacks are costly, and they account for some of the most significant financial losses in BEC schemes.
Email is an essential tool for any modern business. Preventing business email compromise attacks is a challenge for all businesses. In the face of increasingly sophisticated email attacks, many organizations are looking for solutions for stopping BEC attacks. And many are struggling to find a truly comprehensive solution.
A comprehensive approach to prevent BEC attacks requires an email security solution that accounts for when machine-based attacks attempt to circumvent signature- and rule-based defenses through spoofing, in addition to human-targeted tactics like VIP impersonation.
Email security solutions that are truly effective against business email compromise require a direct connection to cloud email providers via API. This grants the solution mailbox-level visibility into an organization's email activity, including both north-south and east-west traffic. This access allows the solution to leverage tools like artificial intelligence to continuously scan and adapt to real-time data. Lastly, a comprehensive solution cannot ignore the human element of email security. Educating and empowering an organization's employees to help in the fight against BEC is the only pathway to complete protection against business email compromise.
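As an added illustration of the mailbox-level signals such a check can examine, covering the header spoofing described earlier and the VIP impersonation mentioned above, here is a small standard-library Python detector (example code, not IRONSCALES' own). The executive directory, the domains and the sample message are all constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed executive directory (hypothetical): lower-cased display name -> real address.
VIPS = {"jane doe": "jane.doe@example.com"}
MONEY_WORDS = re.compile(r"\b(wire|transfer|invoice|bank|urgent|today|confidential)\b", re.I)


def bec_indicators(raw: str) -> list[str]:
    """Return the BEC risk indicators found in one RFC 5322 message."""
    msg = message_from_string(raw)
    hits: list[str] = []
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    # VIP impersonation: a known executive's display name on some other address.
    real = VIPS.get(name.strip().lower())
    if real and addr != real:
        hits.append(f"display-name impersonation of {real} via {addr}")
    # A Reply-To that diverges from From pulls the thread into the attacker's mailbox.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower() != addr:
        hits.append(f"reply-to mismatch: {reply_to.lower()}")
    # Authentication-Results (RFC 8601) holds the receiving MTA's SPF/DKIM/DMARC
    # verdicts; anything other than pass on the claimed sender is worth surfacing.
    auth = msg.get("Authentication-Results", "")
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth, re.I)
        verdict = m.group(1).lower() if m else "missing"
        if verdict != "pass":
            hits.append(f"{mech}={verdict}")
    # Payment plus urgency wording in subject and body is the social lever of BEC.
    body = msg.get_payload() if not msg.is_multipart() else ""
    words = {w.lower() for w in MONEY_WORDS.findall(f"{msg.get('Subject', '')}\n{body}")}
    if len(words) >= 2:
        hits.append("payment/urgency language: " + ", ".join(sorted(words)))
    return hits


# Constructed sample: the CEO's name on an external address that the attacker controls,
# so SPF/DKIM/DMARC all pass, with replies redirected to a second mailbox.
SAMPLE = """\
From: Jane Doe <jane.doe.ceo@mail.example.net>
Reply-To: jdoe.private@mail.example.net
To: ap@example.com
Subject: Urgent wire transfer
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mail.example.net; dkim=pass header.d=mail.example.net; dmarc=pass header.from=mail.example.net

Please transfer the outstanding invoice amount to the new bank account today. Keep this confidential.
"""
```

Calling `bec_indicators(SAMPLE)` returns three indicators (impersonation, Reply-To mismatch, payment/urgency wording) even though every authentication check passes, which is why lookalike-domain BEC needs identity-aware checks rather than authentication results alone.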
IRONSCALES’ comprehensive SaaS platform gives you an edge against all attackers with an inside-out approach to email security. The IRONSCALES platform protects your organization from BEC attacks from within the mailbox. The solution's AI analyzes all email communications, creating unique fingerprint profiles for each user. By cross-checking and verifying all incoming messages, IRONSCALES gives you confidence in a sender’s identity while protecting your assets — all in real time. This allows it to detect, prevent, and protect against BEC attacks like CEO fraud, supply chain attacks, invoice fraud, and more.
Beyond the automated protections provided by IRONSCALES, the platform directly integrates real-world phishing simulation testing and personalized security awareness training to educate employees on BEC attack identification and prevention best practices.
Learn more about IRONSCALES’ enterprise-grade Business Email Compromise (BEC) attack protection here.
A researcher at IRONSCALES recently discovered thousands of business email credentials stored on multiple web servers used by attackers to host spoofed Microsoft Office 365 login pages.