Why is Business Email Compromise So Dangerous?

Figure: an invoice from an apparent vendor giving payment instructions that turned out to be fraudulent.

(This is part 2 of a 3-part series on Business Email Compromise. Part 1 is here.)

How a BEC attack unfolds

  • Research and targeting: Attackers research potential targets and gather information about their operations, personnel and financial activities.

  • Phishing and/or malware attack: The attackers may use phishing with a malware-injecting link, or they may launch a direct malware attack via previously compromised credentials or unpatched security vulnerabilities, to gain access to a target organization’s systems and networks.

  • Information gathering: Once in the network, the criminals move laterally, acquiring information about the organization’s financial processes and personnel.

  • Fraudulent email or request: The scammers send a forged email or make a fraudulent request, usually impersonating a trusted individual.

  • Wire transfer or other financial transaction: Victims are tricked into transferring money to the criminal’s account.

BEC is an impersonation scam

At its core, BEC is a criminal hacker posing as someone who is trusted in order to steal money. Criminals took $3B from US businesses in 2023 by this method. [1] It’s unsettling to consider an attacker observing the interactions between a victim and a person the victim trusts, biding time and developing rapport until the actual strike. But that is the way these criminals operate – limited in each scam only by their cleverness.

The creep factor of BEC

Simple BEC attacks may involve a single phishing email from a known sender; more advanced attacks can involve a combination of techniques. But one of the factors that distinguishes BEC attacks from traditional phishing is the criminal’s knowledge of the target organization. This insider knowledge can be obtained through:

  • The web: Attackers may research a company’s website, news articles and other public sources to learn about its operations and personnel.

  • Social media: Criminal hackers may watch social media platforms to gather information about employees and their personal lives that can be used to manipulate them.

  • Social engineering: Attackers may trick employees by first building trust and then manipulating them into performing actions, such as revealing information, that aid the attacker. They may exploit the victim’s wish to be seen as efficient in the eyes of a boss, or the fear that not complying will have bad consequences.

  • Phishing attacks: Attackers may use emailed phishing attacks to trick victims into clicking malicious links or opening attachments that contain malware, in order to gain access to the target organization’s network.

  • Malware: Criminals may deploy malware to gain unauthorized access to a business network and gather sensitive information.

  • Supply chain attacks: Attackers may infiltrate and monitor a supplier’s accounting department so that they can impersonate its transactions more accurately. Or attackers may breach vulnerable software to gain access to the target organization’s network.

Once the con artist has obtained insider knowledge, they can tailor their attacks to be more convincing and effective. According to Bryley partner Mimecast, attackers generate a high ROI from low-tech attacks that carry no payload other than social-engineered text. [2]

Defending Against Business Email Compromise $250 savings

In appreciation for reading about Business Email Compromise, submit the form below, or contact Roy Pacitto with code 69427 by December 31, 2024, and Bryley will take $250 off a set-up charge associated with a Bryley service that helps defend your organization from Business Email Compromise. Conditions apply; see the sidebar at right.

[1] https://www.fbi.gov/contact-us/field-offices/sanfrancisco/news/fbi-releases-internet-crime-report
[2] https://www.mimecast.com/content/business-email-compromise/

Subscribe to Up Times by Bryley, the monthly tech newsletter for New Englanders by New Englanders.

How to qualify for $250 off the set-up charge for a BEC-protection service:

  • This is a promotion to thank the readers of our Business Email Compromise (BEC) email series.
  • You must respond via the web form below, by phone (978•562•6077 x217), or by email with code 69427 by December 31, 2024.
  • You must approve the qualifying Bryley service by June 30, 2025.
  • This is a special promotion for first-time Bryley clients and applies to the set-up charge of a single service related to protecting an organization from BEC.
  • Qualifying services include Multi-Factor Authentication, Single Sign-On, Advanced Email Threat Protection, XDR, Security Awareness Training, Comprehensive Support Program, Dark Web Monitoring.

Bryley CSP Basic and Pro for Network Infrastructure

Features Comparison Chart

Per-device features                  | Basic                                                   | Pro*
-------------------------------------|---------------------------------------------------------|--------------------------------------------------------
Response to network-critical issues  | Within four hours; same day, as the situation requires  | Within four hours; same day, as the situation requires
Response to non-critical issues      | Within eight hours; same day, as the situation requires | Within eight hours; same day, as the situation requires
Performance optimization             | Included                                                | Included
Security optimization                | Included                                                | Included
Monitoring and alerts                | Included                                                | Included
File and patch updates               | Included                                                | Included
Reporting                            | Included                                                | Included
Administration                       | Included                                                | Included
Reliability optimization             | Partial                                                 | Included
Software issues                      | Partial                                                 | Included
Hardware issues                      | Partial                                                 | Included
Network issues                       | Partial                                                 | Included
PC imaging                           |                                                         | Included
On-site response                     |                                                         | Included