Intelligent CIO Europe Issue 21 | Page 29
Proofpoint, a leading cybersecurity and compliance company, has been announced as a leader in enterprise email security in The Forrester Wave: Enterprise Email Security, Q2 2019. The report provides a detailed overview of the enterprise email security market and evaluates vendors based on their current offering, strategy and market presence.

In the Forrester Wave report, which evaluated today's leading enterprise email security solutions, it was noted that 'customers praised Proofpoint for its technology leadership, overall performance and [data loss prevention] (DLP) capabilities'. Proofpoint received the highest rating in the current offering category, which measures criteria including email filtering, threat intelligence, malware detection and blocking, cloud integration, incident response and support and customer success.

"Threat actors are relentlessly targeting individuals through the email vector and the sophistication of these attacks is rapidly evolving," said Ryan Kalember, Executive Vice President of Cybersecurity Strategy for Proofpoint. "Proofpoint's continued leadership in the enterprise email security market is driven by our commitment to developing innovative solutions that defend against these pervasive threats. We believe that our ranking as a leader in enterprise email security validates our holistic people-centric security approach that integrates email security with cloud security, data security and security awareness training."

Email remains the preferred attack vector for cybercriminal activity, from low-level cybercriminals to nation states. More than 99% of targeted attacks rely on the user to activate them, whether that involves clicking on a macro, typing a password into a phishing site or sending data to a business email compromise (BEC) actor. Rather than target high profile executives, cybercriminals have shifted their focus to identifying who within a given company has access to the information they want and are laser-focused on targeting those individuals directly. Proofpoint provides unique visibility into an organisation's most targeted employees through an integrated threat dashboard that spans across malware, phishing and email fraud. Armed with this granular data, security teams can better understand and respond to incoming threats and the campaigns and threat actors that are attempting to steal data.

With accurate detection coupled with credential phishing and email fraud protection, Proofpoint email security enables administrators to quickly respond to security incidents. The solution reduces potential information loss and financial consequences due to infection and compromise. Proofpoint can therefore advise on the best ways to recognise and avoid business email compromise attacks, presented in the infographic.

INFOGRAPHIC

What Is Business Email Compromise?
A business email compromise attack — also known as a BEC attack — is a type of phishing attack in which a cybercriminal impersonates a high-level executive or other trusted contact and uses social engineering techniques to trick an email recipient into transferring funds into a fraudulent account.

How Does a BEC Attack Happen?
BEC attacks are often highly sophisticated and carefully planned, making it difficult for a target to identify the scam. Cybercriminals generally follow a pattern like the following:

DO THE RESEARCH
The attacker will identify an organization and/or the targeted individual(s). They will then gather information using social media channels, publicly available data, and phone calls, developing profiles they can draw on to create believable communications.

LAY THE GROUNDWORK
Attackers attempt to build relationships with individuals who have access to financial accounts. They often use a combination of phone calls and "spoofed" or hacked email messages, which appear as though they are coming from a trusted source (like a CEO, CFO, external supplier, or law firm). Multiple communications can take place over days, weeks, or even longer in order to create a sense of trust and familiarity.

SET THE TRAP
Ultimately, the attacker asks the target to initiate a wire transfer for a seemingly legitimate business reason. Because the target believes the attacker is someone they trust, they often act on the request without reservation.

STEAL THE FUNDS
The money is routed to an account controlled by the attacker. By the time the attack is discovered, it is generally too late to track or recover the funds.

Who Is Targeted in a BEC Attack?
Cybercriminals seek out situations in which fund transfers happen on a regular basis, and they have been known to attack organizations of all sizes across all sectors, as well as individuals. Anyone who is authorized to complete financial transactions as part of a normal course of business could be a target. Frequent victims include company controllers, accountants, and parties involved with real estate transactions (including agents, buyers, and sellers).

Are BEC Attacks Strictly About Wire Transfer Fraud?
BEC attacks are most commonly tied to fraudulent wire transfers, but similar techniques have been used to obtain sensitive information, like wage and tax statements and other confidential employee data. In these cases, the target is asked to send employees' personally identifiable information (PII) to a seemingly legitimate requester, and that data is then used to commit tax fraud and other crimes.

BEC by the Numbers
Between October 2013 and May 2018:
78,000 incidents and $12.5 billion in exposed losses reported by financial institutions worldwide
43,000 victim complaints and $3.6 billion in exposed losses reported worldwide
136% increase in identified exposed losses between December 2016 and May 2018
BEC scams reported in 150 countries and all 50 US states
Fraudulent wire transfers sent to 115 countries
Source: Federal Bureau of Investigation Public Service Announcement, July 12, 2018

Approximately 900 reported W-2 phishing attacks in 2017
Source: Internal Revenue Service News Release, January 17, 2018
BEC Prevention and Protection
BEC attacks cannot succeed if you don’t take the bait! Use these tips to identify and avoid these types of attacks, and protect your organization’s
funds, your coworkers’ data, and your own reputation.
Be careful about your social media posts and connections. Consider all information shared to be public and permanent.

Be on guard with all unsolicited emails and phone calls. Even seemingly small pieces of information — like vendor names and vacation schedules — are useful to cybercriminals.

Verify originating email addresses and phone numbers when sensitive requests are made. These details can be spoofed by attackers to make them look legitimate. In some cases, cybercriminals are able to steal email login credentials and send messages from a trusted account, making it extremely difficult to spot a fraudulent request.

Implement a form of two-factor authentication before initiating wire transfers or providing sensitive data. Call a known, verified phone number and have a voice-to-voice conversation to confirm the request is legitimate.

If you believe you have been a victim of a BEC attack, alert your supervisor, financial institution, IT department, and authorities as soon as possible. Quick action can help to minimize the damage.
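The "verify originating email addresses" tip above can be partly automated on the receiving side. The following is an added example, not code from the Proofpoint infographic or from Proofpoint's products: it takes one raw RFC 5322 message and flags the signs that a spoofed, lookalike-domain or redirected request usually shows (an executive's display name on an address that is not theirs, a Reply-To pointing at a different domain than From, a From domain that is a homoglyph or one-to-two-character typosquat of the company domain, and an SPF/DMARC failure recorded by the receiving MTA), plus a subject/body check for the request types the infographic names: wire transfers, W-2 / wage and tax statements, employee PII and banking details. The company domain `example-corp.com`, the executive directory and both sample messages are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example-corp.com"                     # assumption: the defended domain
EXECUTIVES = {"jane doe": "jane.doe@example-corp.com"}  # constructed executive directory

# Request types the infographic names: wire transfers, W-2 / wage and tax
# statements, employee PII and banking details.
REQUEST_PATTERNS = [r"\bwire transfer\b", r"\bw-?2s?\b", r"\bwage and tax statement",
                    r"\bpersonally identifiable", r"\bbank (account|details)\b",
                    r"\brouting number\b"]


def domain_of(addr):
    """Lower-cased domain part of an address, or '' if it has none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def fold_homoglyphs(domain):
    """Collapse common lookalike substitutions (rn->m, vv->w, 0->o, 1->l)."""
    return (domain.lower().replace("rn", "m").replace("vv", "w")
            .replace("0", "o").replace("1", "l"))


def levenshtein(a, b):
    """Edit distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain):
    """True if domain imitates COMPANY_DOMAIN without being it (distance <= 2 is
    a coarse net; a very short company domain would need a tighter threshold)."""
    if not domain or domain == COMPANY_DOMAIN:
        return False
    if fold_homoglyphs(domain) == fold_homoglyphs(COMPANY_DOMAIN):
        return True
    return levenshtein(domain, COMPANY_DOMAIN) <= 2


def auth_failed(auth_results):
    """True if the receiving MTA recorded an SPF or DMARC failure."""
    return re.search(r"\b(spf|dmarc)=(fail|softfail)\b", auth_results, re.I) is not None


def body_text(msg):
    """Plain-text content of a single-part or multipart message (decoded as UTF-8)."""
    parts = [msg] if not msg.is_multipart() else [
        p for p in msg.walk() if p.get_content_type() == "text/plain"]
    chunks = [p.get_payload(decode=True) for p in parts]
    return "\n".join(c.decode("utf-8", "replace") for c in chunks if c)


def bec_indicators(raw_message):
    """Findings for one raw RFC 5322 message; an empty list means nothing suspicious."""
    msg = message_from_string(raw_message)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    from_dom = domain_of(from_addr)
    findings = []

    expected = EXECUTIVES.get(name.strip().lower())
    if expected and from_addr.lower() != expected:
        findings.append(f"display name '{name}' impersonates {expected}")
    if reply_to and domain_of(reply_to) != from_dom:
        findings.append(f"Reply-To domain {domain_of(reply_to)} differs from From domain {from_dom}")
    if is_lookalike(from_dom):
        findings.append(f"From domain {from_dom} is a lookalike of {COMPANY_DOMAIN}")
    if auth_failed(msg.get("Authentication-Results", "")):
        findings.append("SPF/DMARC failed for the From domain")

    text = (msg.get("Subject", "") + "\n" + body_text(msg)).lower()
    for pattern in REQUEST_PATTERNS:
        if re.search(pattern, text):
            findings.append(f"request for funds or sensitive data matched /{pattern}/")
            break
    return findings


# Constructed sample: executive display name on a homoglyph domain (rn for m),
# Reply-To to a webmail account, failed SPF/DMARC and an urgent wire request.
SAMPLE_SPOOF = """\
From: Jane Doe <jane.doe@exarnple-corp.com>
Reply-To: Jane Doe <ceo.office@webmail-example.net>
Subject: Urgent wire transfer
Authentication-Results: mx.example-corp.com; spf=fail smtp.mailfrom=exarnple-corp.com; dmarc=fail header.from=exarnple-corp.com
Content-Type: text/plain; charset=utf-8

I am in meetings and cannot take calls. Please wire $48,500 to our new supplier today.
"""

# Constructed sample: the genuine executive, authenticated mail, routine ask.
SAMPLE_LEGIT = """\
From: Jane Doe <jane.doe@example-corp.com>
Subject: Q3 board deck
Authentication-Results: mx.example-corp.com; spf=pass smtp.mailfrom=example-corp.com; dmarc=pass header.from=example-corp.com
Content-Type: text/plain; charset=utf-8

Can you send me the latest revenue slide before Thursday? Thanks.
"""

if __name__ == "__main__":
    for label, raw in (("spoof", SAMPLE_SPOOF), ("legit", SAMPLE_LEGIT)):
        print(label, bec_indicators(raw) or ["no BEC indicators"])
```

Two caveats a practitioner should keep in mind. First, only trust the Authentication-Results header that your own border MTA stamped (and strip any that arrive from outside), because an attacker can inject a forged one upstream. Second, the credential-theft case the tip mentions, where mail is sent from the real executive's mailbox, passes every header check here; that is why the content check fires separately and why a positive finding should route the request to the out-of-band phone call rather than replace it.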
40 24th St., Pittsburgh, PA 15222
proofpoint.com/security-awareness
+1 (412) 621 1484 | +44 (0) 118 402 9163
Copyright © 2019 Proofpoint Inc.