Global losses due to business email compromise (BEC) have exceeded $12.5 billion, warns the FBI's Internet Complaint Center, or IC3. BEC is on the rise, making it one of the most dangerous threats to email security.
According to the FBI's statistics on Business Email Compromise, the law enforcement agency has witnessed a 100 percent rise over the past twelve months in global exposed business losses to BEC.
Between June 2016 and July 2019, a total of 166,349 BEC incidents were reported to the FBI, leading to total losses of over twenty-six billion dollars.
Worst of all, the cybercriminals involved in this kind of attack don't limit themselves to Fortune 500 companies.
They are just as likely to target small to medium-sized businesses as they are to target major international firms.
Usually, a BEC attack works something like this:
A fraudster will pose as a trusted business partner or a high-ranking company official and start an email conversation with a mid-level employee at your firm.
During the conversation, the employee will be asked to transfer funds to what the employee believes is an account belonging to a longstanding business partner.
Assuming that they're doing the bidding of a trusted business partner or their CEO, employees often make these transfers without a second thought.
By the time it is discovered that the person the employee was communicating with was a fraud, the money is already gone and impossible to recover.
A Business Email Compromise (BEC) attack can take other forms too, however.
The bottom line is that this kind of attack is getting worse and increasingly common. Be sure your employees are mindful of who they're releasing funds to.
Ransomware isn't too surprising. Still, the wire transfer fraud claims we're seeing are trending in a bad direction. If you are sending a wire transfer, pick up the phone and call the person who's getting it.
If you look at the FBI's statistical data from December 2016 to May 2018, BEC scams continued to grow, increasing by 136% and targeting small, medium, and large businesses as well as personal transactions.
The victims of Business Email Compromise also come from many industries, which means no one sector is a favored target.
Why are these attacks so successful?
- Firstly, these attacks are highly targeted. Fraudsters are opportunistic and will insert themselves into high-dollar transactions.
They have shown that they will impersonate trusted identities to target employees, their customers, and their business partners.
Because these attacks are sent in low volumes, anti-spam technologies cannot detect them.
- Secondly, these attacks usually don't contain a payload. The malicious content is just the request the attacker writes in the email.
As there is no malicious attachment or URL to analyze, anti-virus technologies do not detect such threats.
- Finally, these attacks prey on human nature. Attackers who use identity deception to steal valuable information and money target people within organizations who can put the attacker's plans and schemes into action.
They are asking the victim to do their job.
These requests are even expected by the victim and don't raise any red flags. Because of these factors, policy configurations at the email gateway often can't detect these attacks.
How to protect your people and organization.
- Attackers use a range of identity deception tricks to target an organization's partners, employees, and consumers with impostor email attacks.
- We suggest you adopt a multi-layered security approach to stop these attacks before they reach the people you are trying to protect.
- Email authentication. It is common practice to authenticate the things we need to trust, such as applications, devices, financial transactions, and even physical access.
- As the top threat vector to organizations today, email should be authenticated as well.
- Email authentication is a vital identity verification layer and can block fraudulent emails before they reach the gateway platform.
- Dynamic email classification. Once you have validated the identity of the email sender, dynamic email classification examines the context and content of the email entering your organization.
- This layer of security looks at the sender's email relationship history, the credibility of the email's subject line, and similar elements.
- You can also score an email on the likelihood that it is fraudulent and then decide what to do with it based on that score.
- Security training and awareness. Because these attacks are designed to bypass traditional security layers, people are left as the last line of defense.
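The authentication and classification layers in the list above, sketched as an added example (not from the original article or any vendor product): it reads the gateway's `Authentication-Results` header, then scores sender relationship and subject wording. The domain, names, weights and thresholds are assumptions chosen for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed (hypothetical) inputs: own domain, executive names, prior correspondents.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}
KNOWN_SENDERS = {"billing@supplier.example"}
PAYMENT_WORDS = re.compile(r"\b(wire|transfer|payment|invoice|urgent|bank)\b", re.I)

def score_email(raw):
    """Return (score, action, reasons); weights and thresholds are illustrative."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    reply = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    # Assumes the receiving gateway adds this header and strips forged copies.
    auth = msg.get("Authentication-Results", "").lower()
    checks = [  # (points, reason, condition met)
        (30, "sender domain not authenticated", "dmarc=pass" not in auth),
        (35, "executive display name on external domain",
         name.lower() in EXECUTIVES and domain != ORG_DOMAIN),
        (15, "Reply-To domain differs from From", bool(reply) and reply != domain),
        (10, "no prior relationship with sender",
         addr.lower() not in KNOWN_SENDERS and domain != ORG_DOMAIN),
        (10, "payment or urgency wording in subject",
         bool(PAYMENT_WORDS.search(msg.get("Subject", "")))),
    ]
    reasons = [why for _, why, hit in checks if hit]
    score = sum(points for points, _, hit in checks if hit)
    action = "quarantine" if score >= 60 else "banner" if score >= 25 else "deliver"
    return score, action, reasons

# Constructed sample messages (not real traffic).
IMPOSTOR = """\
From: "Jane Doe" <jane.doe@examp1e-mail.test>
Reply-To: jd.office@freemail.test
Subject: Urgent wire transfer today
Authentication-Results: mx.example.com; spf=pass; dkim=none; dmarc=none

Please process this before noon.
"""
ROUTINE = """\
From: "Supplier Billing" <billing@supplier.example>
Subject: Monthly statement
Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass

Statement attached.
"""
```

Neither sample carries an attachment or URL, so the decision rests entirely on identity and context signals, which is the gap in payload-based scanning that the article describes.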
Business Email Compromise
Consequently, these emails include a forged company domain, an email signature, and private information about the organization's products, finances, internal organization, and market plans.
In many cases, attackers use the executive's language mannerisms from internal communication and even confirm money transfer requests by phone call.
This is why a BEC scam is difficult to detect: it appears legitimate from the company's perspective and relies on social engineering techniques. So, everyone in the company must be informed about the risks of BEC.
Why it matters to your business
Protection against email threats is a significant cybersecurity concern across the industry. Email attackers use these tactics to steal sensitive information, deliver malware, or manipulate employees into becoming victims and causing enormous financial damage to their companies.
Usually, BEC scams target businesses that work with foreign suppliers and businesses that make wire transfer payments.
If you look at the Federal Bureau of Investigation (FBI) statistical data from December 2016 to May 2018, BEC scams continued to grow, increasing by 136% and targeting small, medium, and large businesses as well as personal transactions.
The victims of BEC also come from a variety of industries, which means there's no one sector that is a favored target.
Remember, online criminals are always adapting and changing their sophisticated attacks. Are you ready? Act now, or you will incur a significant loss and see the downfall of your company right in front of your eyes.
To keep you from becoming the victim of such a loss, we, the ITS Guru professionals, are here to help you and let your business grow.