Sponsor content:

What's this?

This content has been provided by our sponsors and is a paid advertisement.
  • Security

Understanding Business Email Compromise: An organisation's most expensive enemy

Online fraud in the business world is growing more sophisticated - and expensive.


It's been a long time since a threat focused the attention of cyber-security professionals quite like Business Email Compromise (BEC) and Email Account Compromise (EAC). Dubbed 'cyber-security's priciest problem', social engineering-driven cyber threats like BEC and EAC are purpose-built to impersonate someone users trust, and trick them into sending money or sensitive information.

These email-based threats are a growing problem. Recent Proofpoint research has shown that more than 7,000 CEOs or other executives have been impersonated since March 2020. Overall, more money is lost to this type of attack than to any other cybercriminal activity: according to the FBI, these attacks cost organisations worldwide more than $26 billion between June 2016 and July 2019. Gartner has also predicted that BEC attacks will continue to double each year through 2023, to over $5 billion, and lead to large financial losses for enterprises.

Unfortunately, given the overall success rate and low cost of executing email fraud attacks, it is likely that organisations are only seeing the tip of the iceberg in terms of both direct and indirect damages resulting from these types of assaults, which continue to scale and evolve.

Identifying a BEC attack

To understand the continued success of BEC, we must first understand the mechanics of an attack.

These attacks occur when a cybercriminal poses as a trusted individual within an organisation to reroute funds or access privileged data. These attacks are usually highly targeted, aimed at specific decision-makers or those in authority.

There are usually four stages to a sophisticated BEC attack:

  • The research: Unlike mass, blanket attacks, BEC attackers usually take the time to identify specific individuals within an organisation. Information is gathered from a range of sources (public profiles, company websites, previous correspondence) so that later communications, whether sent from a spoofed or a compromised account, look believable.
  • The groundwork: BEC attackers often attempt to build relationships with those who have financial decision-making authority. Usually conducted through spoofed or compromised email accounts, this interaction can take place over days, weeks or even months to build trust and familiarity.
  • The trap: Once the attacker has compromised an account, or accounts, and is satisfied that the victim believes them to be genuine, they make their move. In most cases, the target is asked to initiate a wire transfer or to alter the payment details on an existing pending payment.
  • The fraud: Believing the request to be genuine, the victim sends funds to the fraudster's account. These funds are usually moved on quickly, making them harder to recover once the fraud has been discovered.

So what do these attacks look like in real-life? Proofpoint has recently identified the following trends in BEC attacks that organisations must be aware of.

BEC Payroll Diversion Scams

BEC payroll diversion scams are similar to other BEC attacks in that they rely on impersonation and social engineering to convince the target to send money to the attackers. In this case, the attackers target a company's payroll process and attempt to redirect legitimate payroll payments from their intended destination accounts to accounts under the attacker's control.

BEC payroll diversion scams are by necessity very focused in their targeting. To succeed, the attacker must correctly identify someone in the HR or payroll department who is able to change an employee's direct deposit information, and then persuade that person, usually while posing as the employee, to make the change.

The latest FBI data shows that the dollars lost as a result of payroll diversion scams increased by more than 815% between 1 January 2018 and 30 June 2019.

BEC Gift Card Scams

BEC/EAC gift card scams are similar to other attacks of this nature.

In this case, attackers will try to convince the target victim to send money to them using popular retail gift cards rather than through wire transfers. In gift card scams, the attackers will frequently impersonate the CEO or other high-level executive in the business as part of the scam.

Attackers abuse gift cards in BEC/EAC attacks because it is a quick and easy way for them to get money from their targeted victims: the victims don't have to navigate complicated wire transfer instructions; they just purchase gift cards from well-known, recognised and trusted retailers and send the attacker the card codes.

Abusing gift cards like this is also a quick, easy and simple way for attackers to effectively launder stolen money. Instead of receiving the stolen money directly, the attackers receive it by way of the retailer from which the targeted victim purchased the gift cards, and the codes can be resold or redeemed without a bank account that investigators could trace.

Tackling this expensive enemy

Because cybercriminals employ multiple tactics and combinations of impersonation and account compromise, defending against one or two of these tactics is insufficient to address the threat as a whole.

As BEC/EAC attacks target people rather than infrastructure, organisations must ensure they are delivering ongoing, comprehensive cyber-security awareness training to all employees, across all functions, to help their people identify these impersonation emails and act against them.

Organisations should also invest in an email security solution that detects and stops impersonation, account compromise, credential phishing and social engineering.

To build such a solution, email security providers need access to the right data sources: email traffic, cloud account activity, user data and domain data. With that information, threat analysts and machine learning models can detect the use of multiple tactics in these types of attacks and implement integrated, adaptive controls across the attack surface of email, cloud accounts and people.
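The kind of signals such a solution works from can be shown in a small triage script. The following is an added example, written for this page and not Proofpoint's own detection logic: it scores raw messages on the impersonation and lure features described above (a protected executive's display name on an address the organisation does not own, a lookalike sender domain, a Reply-To that redirects the conversation elsewhere, and payroll-diversion, gift-card or wire-transfer wording from the two scam types covered earlier). The organisation domain, the protected-name list, the keyword patterns, the verdict thresholds and the three sample messages are all assumptions constructed for illustration.

```python
"""Heuristic BEC/EAC triage over raw email messages.

Added example, not Proofpoint product logic. Scores a message on the
impersonation and social-engineering signals a BEC attack relies on.
ORG_DOMAIN, PROTECTED_NAMES, LURES and the sample messages are assumptions.
"""
import email
import re
from email import policy
from email.utils import parseaddr

ORG_DOMAIN = "example.com"  # assumption: the defended organisation's domain
# assumption: executives whose display names attackers are likely to borrow,
# mapped to the only address that may legitimately carry that name
PROTECTED_NAMES = {"jane doe": "jane.doe@example.com"}

# assumption: lure wording seen in payroll-diversion, gift-card and wire scams
LURES = {
    "payroll_diversion": r"direct deposit|payroll|bank (details|account)|update my account",
    "gift_card": r"gift ?cards?|itunes|google play|scratch (off|the) (code|back)",
    "wire_transfer": r"wire transfer|pending payment|new (beneficiary|account) details",
    "urgency": r"urgent|asap|right away|today|confidential|keep this between us",
}


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _edit_distance(a, b):
    # Levenshtein distance; a sender domain a character or two away from
    # ORG_DOMAIN (examp1e.com, exarnple.com) is treated as a lookalike
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _body_text(msg):
    part = msg.get_body(preferencelist=("plain",))
    return part.get_content() if part is not None else ""


def score_message(raw):
    """Return the list of signal names that fire for one raw RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    sender_domain = _domain(addr)
    signals = []

    # 1. Display-name impersonation: a protected name on an address we do not own
    key = name.strip().lower()
    if key in PROTECTED_NAMES and addr.lower() != PROTECTED_NAMES[key]:
        signals.append("display_name_impersonation")

    # 2. Lookalike sender domain: close to ours but not ours
    if sender_domain and sender_domain != ORG_DOMAIN and _edit_distance(sender_domain, ORG_DOMAIN) <= 2:
        signals.append("lookalike_domain")

    # 3. Reply-To on another domain: replies leave the thread the victim thinks they are in
    if reply_to and _domain(reply_to) != sender_domain:
        signals.append("reply_to_mismatch")

    # 4. Lure wording in subject and body
    text = (str(msg.get("Subject", "")) + "\n" + _body_text(msg)).lower()
    for label, pattern in LURES.items():
        if re.search(pattern, text):
            signals.append(label)
    return signals


def verdict(raw):
    """Map signals to an action. Assumption: impersonation plus a money lure is
    enough to hold the message for out-of-band verification."""
    signals = score_message(raw)
    impersonation = {"display_name_impersonation", "lookalike_domain", "reply_to_mismatch"} & set(signals)
    lure = {"payroll_diversion", "gift_card", "wire_transfer"} & set(signals)
    if impersonation and lure:
        return "quarantine", signals
    if impersonation or lure:
        return "flag", signals
    return "deliver", signals


# Constructed sample messages (not real traffic)
SAMPLE_PAYROLL = """From: Jane Doe <janedoe.ceo@webmail.example>
To: payroll@example.com
Subject: Direct deposit update

Hi, I changed banks. Please update my direct deposit to the new account
before this month's payroll runs. Need this done today, I'm in meetings.
"""

SAMPLE_GIFT_CARD = """From: Jane Doe <jane.doe@examp1e.com>
Reply-To: jane.doe.office@mail.example
To: assistant@example.com
Subject: Quick favour

Are you at your desk? I need you to pick up some gift cards for a client,
scratch the back and send me the codes. Keep this between us for now.
"""

SAMPLE_BENIGN = """From: Jane Doe <jane.doe@example.com>
To: team@example.com
Subject: Board deck

Thanks all, the deck is on the shared drive. See you Thursday.
"""

if __name__ == "__main__":
    for label, raw in [("payroll", SAMPLE_PAYROLL), ("gift card", SAMPLE_GIFT_CARD), ("benign", SAMPLE_BENIGN)]:
        action, signals = verdict(raw)
        print(f"{label:10s} -> {action:10s} {signals}")
```

Keyword matching like this is deliberately crude; in practice the same signals would be weighted against who the recipient is (payroll and finance staff, executive assistants), whether the sender has ever corresponded with them before, and whether DMARC, SPF and DKIM results for the sender domain line up. A "quarantine" verdict here is meant to trigger the out-of-band confirmation discussed below, not to replace it.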

Ultimately, BEC works because it is low-profile and unassuming. Rather than trying to spot a smoking gun, organisations should train their employees to be vigilant about all forms of email communication.

Additional verification, such as confirming a payment request or a change of bank details by phone using a number already on file rather than one supplied in the email, may add a few minutes of inconvenience when approving a genuine request, but that's nothing compared to the pain of a successful BEC attack.

Adenike Cosgrove is a Cybersecurity Strategist (International) at Proofpoint
