Tuesday, August 16, 2022
Techiexpert.com
No Result
View All Result
  • Login
  • Register
Exclusive Videos
  • Tech news
  • Startup news
  • Artificial Intelligence
  • IOT
  • Big Data
  • Cloud
  • Data Analytics
  • Machine Learning
  • Blockchain
  • Social Media
  • Tech news
  • Startup news
  • Artificial Intelligence
  • IOT
  • Big Data
  • Cloud
  • Data Analytics
  • Machine Learning
  • Blockchain
  • Social Media
No Result
View All Result
TechiExpert
No Result
View All Result

Business email compromise – when defying an ‘executive’ is the right thing to do

Srikanth by Srikanth
June 18, 2019
in Tech news
Reading Time: 4 mins read
Business email compromise – when defying an ‘executive’ is the right thing to do
9
SHARES
130
VIEWS
Share on FacebookShare on Twitter

Email security is a top-of-mind concern for many organizations, with business email compromise (BEC) gaining prominence as one of the lethal tactics adopted by cybercriminals to attack enterprises. Law enforcement agencies worldwide have been keeping a close watch on BEC scams as a result of the increasing losses year on year. According to the Federal Bureau of Investigation (FBI), BEC has incurred nearly $12.5 billion losses to companies as of 2018. On average, one successful BEC attack can cost the company $130,000. We reported the number of BEC attacks in 2018 increased by 28 percent globally.

Falling victim to a BEC scam has long been a problem that generally arises from human negligence and our natural inclination to do what someone in authority asks of us. Because these scams do not have any malicious links or attachments, they can evade traditional detections. These two factors make BEC a persistent threat for enterprises. Before we delve into what measures an enterprise need to take to mitigate risks associated with BEC, it is important to know how it works.

At the core of it, BEC is a form of spear phishing where an attacker, by pretending to be a high-ranking executive – usually the CEO, attempts to trick a victim – usually the CFO – into paying a fraudulent invoice. To do so, fraudsters carefully research and closely monitor the potential target victims – both the spooked executive and the one issuing the payment – and their organizations. The tone of the email is usually urgent.

It is also observed that most BEC attempts happen in countries with established business hubs and those that see a lot of multinational business operations.

Business email compromise – when defying an ‘executive’ is the right thing to do 1
Nilesh Jain – Vice President_Southeast Asia and India_Trend Micro

BEC persists and new trends arise

In India, some 1.5 billion email threats were blocked by us in 2018. BEC, as a form of email-based scam, remains a very potent and lucrative means of funneling money from companies. As per our security predictions for 2019, BEC scammers will target employees further down the company hierarchy this year, for example, secretaries or executive assistants.

In what appears to be a product of masterful social engineering, BEC scammers are also reportedly using domestic money mules recruited via confidence or romance scams. After grooming these victims, scammers will trick them into opening accounts that will only be used for short term, presumably to avoid being tracked by the authorities. Another phenomenon noticed is that some BEC victims are tricked to purchase gift cards. In this BEC variation, a cybercriminal posing as a person in authority may send a spoofed email, phone call, or text to a victim, requesting to buy gift cards for personal or business purposes.

Gearing up against BEC threats

Businesses are advised to stay vigilant and educate employees on how not to fall victim to BEC scams and other similar attacks. It’s true that cybercriminals usually prefer big companies but there’s little guarantee that small and medium-sized enterprises won’t get hit. For one thing, smaller companies tend to have less robust security infrastructure in place.

Here are some tips on how to stay protected and secure:

  • Be wary of irregular emails that are sent from C-suite executives authorizing an urgent payment. Look for discrepancies in the email address, the way it is written, the sign-off, and more. Review past emails that request transfer of funds to determine if this one is irregular.
  • Cybersecurity awareness training and enforcing best practices against email threats can help employees stay alert and not fall prey to these attacks.
  • Verify any changes in vendor payment details by using a secondary sign-off by company personnel.
  • Stay updated on your customers and vendors’ habits, including the details, and reasons behind payments.
  • Confirm requests for transfer of funds when using phone verification as part of two-factor authentication, use known familiar numbers, not the details provided in the email requests.
  • If you suspect that you have been targeted by a BEC email, report the incident immediately to law enforcement or file a complaint with the cybercrime department.

Organizations should consider using a multilayered identification process for transferring resources and invest in smart email protection. There are advanced security technologies available now that can prevent users and organizations from falling for BEC attacks. For example, by studying and learning the unique ways executives compose their emails, a new AI-based technology is able to pick up on tiny details that set authentic emails apart from fraudulent ones, leading to better detection of BEC scams.

BEC is here to stay, with Gartner predicting that through 2023, business compromise attacks will be persistent and evasive, leading to large financial fraud losses for enterprises and data breaches for organizations.

 (Authored by Nilesh Jain, vice president, Southeast Asia and India, Trend Micro)

Tags: email securityExpert OpinionsTech Stories
Share4Tweet2Share1Pin1

Most Read

  • What is windows modules installer ? How to Enable/Disable

    What is windows modules installer ? How to Enable/Disable

    1407 shares
    Share 563 Tweet 352
  • How to Track Activities an Instagram account?

    162 shares
    Share 65 Tweet 41
  • Are You Disturbed with a Mouse pointer? 5 Tips to hide mouse pointer in chrome

    198 shares
    Share 79 Tweet 49
  • How to draw/create a radius on google maps?

    137 shares
    Share 54 Tweet 34
  • How to make a chatbot using HTML

    258 shares
    Share 102 Tweet 64
  • How to use Technology to solve business problems – Practus

    14 shares
    Share 6 Tweet 4

Recent Stories

How to use Technology to solve business problems – Practus

How to use Technology to solve business problems – Practus
Share6Tweet4Share1Pin1

5 Ways E-Bikes Will Save Both Your Money and Time

Releasing prototypes create waves in the electric bike industry
Share5Tweet3Share1Pin1

How to use influencer marketing to boost your sales

How to use influencer marketing to boost your sales
Share5Tweet3Share1Pin2

4 Step Guide to Redesign Your Website

4 Step Guide to Redesign Your Website 2
Share4Tweet3Share1Pin2
  • Terms of use
  • Privacy Policy
  • About Us
  • Contact us
  • Write For Us
  • Cookie Policy

© 2022 All Rights Reserved

No Result
View All Result
  • Tech news
  • Startup news
  • Artificial Intelligence
  • IOT
  • Big Data
  • Cloud
  • Data Analytics
  • Machine Learning
  • Blockchain
  • Social Media

© 2022 All Rights Reserved

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Cookie Law Notice
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
SAVE & ACCEPT