THREAT ALERT

Rising Threats in Business Email Compromise: What You Need to Know

Wednesday, March 19th, 2025



Business Email Compromise (BEC) is a sophisticated email scam where cybercriminals trick victims into transferring funds or sharing sensitive data. Learn more about common BEC attack types, how they work, and essential strategies for protection.

What is Business Email Compromise? 

BEC is a targeted scam in which an attacker, writing from a compromised or impersonated mailbox, persuades an employee to wire money, pay a fraudulent invoice, or hand over sensitive data. Because so much of a business now runs over email, understanding and defending against BEC is essential. In 2024, attackers increasingly used generative AI to make executive-impersonation emails fluent and convincing; nearly 40% of Q2 2024 attempts reportedly involved AI-generated email text.

Common Types of BEC Attacks

  • Email Account Compromise (EAC): Attackers take over a legitimate mailbox through phishing, credential stuffing, infostealer malware, or adversary-in-the-middle phishing kits that relay the victim's MFA code. Once inside, they read mail, set inbox rules that hide replies, and insert themselves into existing payment threads, so their messages come from a real, authenticated account.
  • CEO Fraud: Often grouped with whaling (phishing aimed at executives), CEO fraud is the reverse: cybercriminals impersonate a high-ranking executive such as the CEO or CFO and ask an employee, usually in finance or HR, for an urgent transfer or sensitive records, relying on the authority of the impersonated executive to discourage questions.
  • Invoice Scams: Attackers spoof a vendor's email domain, or send from the vendor's actual compromised mailbox, and submit a fake invoice or a genuine one with the bank details changed. Businesses pay the fraudulent invoice believing it is a legitimate payment to a supplier or service provider.
  • Data Theft: Beyond financial fraud, BEC can also target sensitive information such as employee W-2 and payroll data, financial records, or confidential business plans. This information is sold or used to make the next attack more convincing.

How BEC Works 

BEC attacks are executed through a series of steps, beginning with research on the target organization. Cybercriminals identify key individuals, study how payments are requested and approved, and look for weak points in the organization's email authentication and account security. The stages of a typical BEC attack include:

Reconnaissance 

  • Attackers gather information about the target organization, focusing on executives and on employees with access to funds or sensitive data. Social media profiles, the company website, press releases, and leaked credential dumps let them build a profile of who approves payments, which vendors the company uses, and when an executive will be travelling.

Infiltration 

  • Using phishing emails, malware, or other tactics, attackers compromise an email account, register a lookalike domain, or spoof a convincing sender address. They then send emails that appear to come from a trusted source, asking the recipient to perform specific actions.

Execution

  • Once the attacker has established trust, they request a wire transfer, a change of bank details, sensitive information, or access to systems. These requests are usually urgent and confidential, and they exploit the recipient's sense of loyalty or duty to the impersonated executive or the desire to keep a vendor relationship running smoothly.

Financial Theft

  • The victim complies with the fraudulent request, transferring funds to accounts controlled by the attackers or divulging sensitive information. The attackers move the money on quickly, often through money-mule accounts, or use the stolen data for further crimes. Recovery is only realistic if the bank is contacted within hours of the transfer.

Protecting Against BEC 

Most Business Email Compromise (BEC) emails carry no malware, malicious link, or weaponized attachment; the weapon is a plausible request from a trusted-looking sender. Antivirus software and endpoint detection and response (EDR) systems therefore have little to detect, and even a secure email gateway will pass a well-written plain-text message.

Given the human-focused nature of BEC attacks, prevention and defense must combine human-centric controls with the technical measures that do apply. Below are some recommended best practices for mitigating BEC threats:

Email Authentication and Security 

  • Implementing SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting & Conformance): SPF lets receivers check that a message claiming to come from your domain was sent by an authorized server; DKIM adds a signature from your domain that proves the message was not altered in transit; DMARC ties both to the visible From address and publishes a policy telling receivers to quarantine or reject failures. These protocols stop exact-domain spoofing only. A lookalike domain, a free webmail account with a familiar display name, or a compromised legitimate mailbox passes all three. Publish a DMARC policy of quarantine or reject for your own domains, and enforce other senders' DMARC policies on inbound mail.
  • Multi-Factor Authentication (MFA): Requiring a second factor for mailbox access reduces the likelihood of account compromise. Prefer phishing-resistant methods such as FIDO2 security keys or passkeys, because SMS codes and push prompts are routinely relayed by adversary-in-the-middle phishing kits, and alert on new MFA device registrations.
  • Email Encryption: Encrypting email in transit (TLS) or end to end (S/MIME, PGP) protects message content from interception, but it does not address BEC directly: a fraudulent request is read in the clear by its recipient, and an attacker inside a mailbox reads decrypted mail like the owner would. Treat it as a confidentiality control rather than a BEC control.
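To make the alignment rules concrete, here is an added example (illustration code, not DefenseStorm's or any mail library's) that evaluates a DMARC policy offline. The DNS records and authentication results are constructed, and the SPF and DKIM verdicts are supplied as inputs the way a gateway reports them in an Authentication-Results header; a real receiver would fetch the TXT records over DNS and compute those verdicts itself. The four sample messages show why the protocols catch an exact-domain spoof but not a lookalike domain or a compromised mailbox.

```python
"""Added example: DMARC alignment and disposition evaluated offline.

Illustration code, not DefenseStorm's or any mail library's. The DNS records
and authentication results below are constructed; a real gateway fetches the
TXT records over DNS and computes the SPF and DKIM verdicts itself, whereas
here they are supplied as inputs the way an Authentication-Results header
reports them.
"""
from dataclasses import dataclass


def parse_dmarc(record):
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; adkim=s' into tags,
    filling in the RFC 7489 defaults for the tags that matter here."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    tags.setdefault("p", "none")
    tags.setdefault("adkim", "r")   # relaxed DKIM alignment by default
    tags.setdefault("aspf", "r")    # relaxed SPF alignment by default
    return tags


def org_domain(domain):
    """Rough organizational domain (last two labels). Production code must use
    the Public Suffix List, otherwise 'example.co.uk' collapses to 'co.uk'."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    """Strict ('s') alignment needs an exact match; relaxed ('r') accepts the
    same organizational domain, e.g. mail.example.com for example.com."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


@dataclass
class AuthResult:
    from_domain: str   # domain of the visible RFC5322.From header
    spf_pass: bool     # SPF verdict for the envelope sender domain
    spf_domain: str    # RFC5321.MailFrom domain SPF was evaluated against
    dkim_pass: bool    # a DKIM signature verified
    dkim_domain: str   # the d= tag of that signature


def evaluate(records, result):
    """Look up the DMARC policy of the From domain and return 'pass', the
    policy action ('none', 'quarantine', 'reject'), or 'no-policy'."""
    record = records.get(result.from_domain.lower())
    if record is None:
        return "no-policy"   # the receiver has nothing to enforce
    policy = parse_dmarc(record)
    spf_ok = result.spf_pass and aligned(result.from_domain, result.spf_domain, policy["aspf"])
    dkim_ok = result.dkim_pass and aligned(result.from_domain, result.dkim_domain, policy["adkim"])
    return "pass" if (spf_ok or dkim_ok) else policy["p"]


# Constructed DNS: the target publishes an enforcing policy; the lookalike domain has none.
RECORDS = {"example.com": "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc@example.com"}

# Legitimate mail relayed by the company's own outbound host.
LEGIT = AuthResult("example.com", True, "mail.example.com", True, "example.com")
# Exact-domain spoof: the attacker's own infrastructure passes SPF and DKIM for
# the attacker's domain, but nothing aligns with the forged From header.
SPOOFED = AuthResult("example.com", True, "attacker-infra.example", True, "attacker-infra.example")
# Lookalike domain: DMARC is keyed on the From domain, so example.com's policy is never consulted.
LOOKALIKE = AuthResult("examp1e.com", True, "examp1e.com", True, "examp1e.com")
# Compromised mailbox: the real tenant sends it, so every check passes.
COMPROMISED = AuthResult("example.com", True, "example.com", True, "example.com")

if __name__ == "__main__":
    for label, r in [("legit", LEGIT), ("spoofed", SPOOFED), ("lookalike", LOOKALIKE), ("compromised", COMPROMISED)]:
        print(f"{label:12s} -> {evaluate(RECORDS, r)}")
```

Running it prints pass, reject, no-policy, pass for the four cases. The last two are the point: the lookalike domain never triggers the target's policy, and the compromised mailbox is indistinguishable from legitimate mail, which is why account monitoring and payment verification are needed alongside authentication.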

Implement Robust Training and Awareness 

  • Regular Training Sessions: Educate employees about BEC scams, phishing tactics, and safe email practices, with specific attention to the BEC tells: urgency, secrecy, a request to change bank details, and a sender who cannot be reached by phone.
  • Simulated Phishing Exercises: Conduct periodic tests, including BEC-style messages with no link or attachment, to assess employees' ability to recognize and report suspicious requests.
  • Clear Reporting Procedures: Establish a simple way to report suspicious emails and potential BEC incidents, and make clear that reporting after clicking or replying will not be punished, since late reports are what make fund recovery possible.

Financial Controls 

  • Verification Processes: Confirm any new payee, change of bank details, or urgent wire request out of band, by calling the counterparty at a number already on file, never at a number or reply address supplied in the email. Apply the same rule when the request appears to come from an executive.
  • Segregation of Duties: Ensure that the person who requests a payment, the person who approves it, and the person who releases it are different individuals, so that a single deceived employee cannot complete the fraud alone.
  • Transaction Limits: Set limits on the amount that can be transferred without additional approval and verification, and flag first-time payments to a new account regardless of amount.

Technical Measures 

  • Identity and Mailbox Monitoring: Monitor sign-in and mailbox audit logs for signs of account compromise: sign-ins from new countries or anonymizing VPNs, impossible travel, new MFA device registrations, OAuth application consents, and newly created inbox rules that forward mail externally, delete messages, or move them to rarely viewed folders. Inbox-rule creation is one of the most reliable indicators of email account compromise.
  • Anti-Malware Solutions: Deploy anti-malware and endpoint protection to catch the credential-stealing phase (infostealers, phishing attachments) that often precedes a takeover, while recognizing that the fraudulent email itself will usually be clean.
  • Incident Response Plan: Develop and regularly test a plan for BEC incidents: contact the bank immediately to request a recall of the funds, reset credentials and revoke sessions and tokens on the affected mailbox, remove malicious inbox rules, review what the attacker read and sent, notify affected counterparties, and report to law enforcement.
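The inbox-rule indicator above is easy to turn into a detection. The following is an added example, not DefenseStorm's detection content: it triages a JSON-lines audit export for rule changes that forward mail outside the organization, hide payment or security-related messages, or use the blank or punctuation-only names attackers favour. The entries are constructed and only loosely modelled on Exchange Online New-InboxRule and Set-InboxRule audit records; the field names, the INTERNAL_DOMAINS set, and the keyword lists are assumptions to adapt to the real log source.

```python
"""Added example: triage mailbox audit events for signs of email account compromise.

Illustration only, not DefenseStorm's detection content. The audit entries are
constructed and only loosely modelled on Exchange Online New-InboxRule /
Set-InboxRule records; the field names, INTERNAL_DOMAINS and the word lists
are assumptions to adapt to the real log source.
"""
import json
import re

INTERNAL_DOMAINS = {"example.com"}  # assumption: the organization's own mail domains
RULE_OPS = {"New-InboxRule", "Set-InboxRule"}
FORWARD_PARAMS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
FILTER_PARAMS = ("SubjectContainsWords", "BodyContainsWords", "SubjectOrBodyContainsWords", "From")
# Folders attackers use to park mail the victim is unlikely to open.
HIDE_FOLDERS = {"rss subscriptions", "rss feeds", "archive", "junk email", "deleted items"}
# Subjects a BEC actor wants the real user not to see: payment traffic and security alerts.
SENSITIVE_WORDS = re.compile(r"\b(invoice|payment|wire|remit|ach|bank|password|verification|mfa)\b", re.I)


def parse_log(text):
    """Parse one JSON object per line into a list of dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def params(entry):
    """Flatten the audit record's Parameters list into {Name: Value}."""
    return {p["Name"]: str(p["Value"]) for p in entry.get("Parameters", [])}


def external_recipients(value):
    """Addresses in a recipient parameter whose domain is not one of ours."""
    addrs = re.findall(r"[\w.+-]+@[\w.-]+", value or "")
    return [a for a in addrs if a.rsplit("@", 1)[1].lower() not in INTERNAL_DOMAINS]


def analyze_rule(entry):
    """Return the reasons an inbox-rule change looks like EAC tradecraft ([] if none)."""
    if entry.get("Operation") not in RULE_OPS:
        return []
    p = params(entry)
    reasons = []
    name = p.get("Name", "")
    if not re.search(r"[A-Za-z0-9]", name):
        reasons.append(f"rule name {name!r} is blank or punctuation only")
    for param in FORWARD_PARAMS:
        ext = external_recipients(p.get(param))
        if ext:
            reasons.append(f"{param} sends mail outside the organization: {ext}")
    hides = (p.get("DeleteMessage", "").lower() == "true"
             or p.get("MarkAsRead", "").lower() == "true"
             or p.get("MoveToFolder", "").lower() in HIDE_FOLDERS)
    filters = " ".join(p.get(k, "") for k in FILTER_PARAMS)
    if hides and SENSITIVE_WORDS.search(filters):
        reasons.append("hides messages matching payment or security keywords")
    return reasons


def triage(text):
    """Run analyze_rule over a JSON-lines audit export; return only the flagged changes."""
    hits = []
    for entry in parse_log(text):
        reasons = analyze_rule(entry)
        if reasons:
            hits.append({"user": entry.get("UserId"), "rule": params(entry).get("Name"), "reasons": reasons})
    return hits


# Constructed sample export: two malicious rule changes, one benign rule, one unrelated event.
SAMPLE_LOG = """
{"Operation": "New-InboxRule", "UserId": "cfo@example.com", "ClientIP": "203.0.113.7", "Parameters": [{"Name": "Name", "Value": "."}, {"Name": "SubjectOrBodyContainsWords", "Value": "invoice;payment;wire"}, {"Name": "DeleteMessage", "Value": "True"}, {"Name": "ForwardTo", "Value": "cfo.example.backup@gmail.com"}]}
{"Operation": "New-InboxRule", "UserId": "analyst@example.com", "ClientIP": "198.51.100.20", "Parameters": [{"Name": "Name", "Value": "Newsletter cleanup"}, {"Name": "From", "Value": "news@vendor.example"}, {"Name": "MoveToFolder", "Value": "Newsletters"}]}
{"Operation": "Set-InboxRule", "UserId": "ap-clerk@example.com", "ClientIP": "203.0.113.7", "Parameters": [{"Name": "Name", "Value": ".."}, {"Name": "SubjectContainsWords", "Value": "password;mfa;bank"}, {"Name": "MoveToFolder", "Value": "RSS Subscriptions"}, {"Name": "MarkAsRead", "Value": "True"}]}
{"Operation": "UserLoggedIn", "UserId": "cfo@example.com", "ClientIP": "203.0.113.7"}
"""

if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit["user"], repr(hit["rule"]), "->", "; ".join(hit["reasons"]))
```

Both malicious entries are flagged and the newsletter rule is not. In production, pair a hit with the sign-in context of the same session (the ClientIP field is included in the sample for that reason) and treat any rule created shortly after a sign-in from an unfamiliar location as a confirmed compromise until proven otherwise.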

DefenseStorm Recommendations 

DefenseStorm continuously researches newly discovered and recurring malware and ransomware. As always, DefenseStorm recommends the following practices to help secure your environment:

  • Continue internal phishing-awareness training and simulation campaigns
  • Block known threat indicators at the relevant controls (email gateway, DNS, firewall, endpoint)
  • Keep all systems and software updated to the latest patched versions to protect against known security vulnerabilities
  • Maintain a strong password policy
  • Enable multi-factor authentication
  • Back up data regularly, and keep air-gapped, password-protected backup copies offline
  • Implement a recovery plan that maintains multiple copies of sensitive or proprietary data and servers in a physically separate, secure location
  • Harden applications
  • Restrict administrative access

Diana Rodriguez

Cyber Threat Intelligence Engineer

Diana Rodriguez is a Cyber Threat Intelligence Engineer for DefenseStorm. She joined DefenseStorm in 2019 with 9.5 years of experience in cybersecurity and banking. Diana's career began at Wells Fargo, where she played a pivotal role in protecting financial institutions. Over her five years at Wells Fargo she held several positions, starting as a teller before moving into financial crime analysis and then cyber security analysis. This experience gave her a comprehensive understanding of the banking industry and of the critical importance of cybersecurity in protecting sensitive data. Diana holds a Bachelor's degree in computer science from UNCC and a Master's degree in Cybersecurity from UNC at Chapel Hill. She completed the MITRE ATT&CK® Defender certifications, which gave her the expertise to apply knowledge of adversary behaviors to security configurations, analytics, and decision-making in order to protect DefenseStorm's clients. Diana also holds the GIAC Certified Incident Handler and Fortinet NSE 1 and NSE 2 certifications. During her tenure at DefenseStorm she has become proficient in the platform, taking an active role in proactively detecting and responding to cyber threats. She has played a vital role in developing new policies and advanced analytics to detect and prevent attacks while educating and empowering customers to make the most of DefenseStorm services and strengthen their security posture.