What is business email compromise?

By Andrew Milne, Field Effect 

Business email compromise (BEC) is a low-cost, effective cyber crime tactic whose use has grown over the past few years. It puts any company that manages financial transfers and payments at risk.

Consider this: recent research shows that, on average, more than 6,000 organizations were targeted by BEC emails each month from July 2018 to June 2019. Over the same period, businesses received an average of five BEC scam emails per month.

In fact, one study showed that cyber insurance claims from BEC attacks were actually higher than those from ransomware incidents (23% vs 18% of incidents in 2018). Additionally, the 2018 FBI Internet Crime Report found 20,373 complaints related to BEC.

Let’s look at why these types of inexpensive, low-effort attacks are on the rise and how your business can stay protected.

What is business email compromise?

Business email compromise is a social engineering scam, typically targeting a company’s financial and procurement departments, that attempts to initiate a financial transfer to an attacker-controlled account.

Tricks to obtain account credentials and facilitate this type of transfer include:

Invoice payment requests

  • Attackers may use a legitimate or falsified invoice from one of your vendors or suppliers to request a payment to an account they control.

CEO fraud

  • Attackers may pose as your CEO (or another high-ranking executive) in order to request a payment to an account they control.

These lures are built around credential harvesting: attempts to capture user IDs and passwords using a range of social engineering techniques. Spear phishing is the usual vehicle. Emails are crafted for one specific individual at a business or organization and are designed to trick the recipient into sharing sensitive information, or into taking an action such as opening an attachment or following a link to a malicious website.

Tactics to produce transfers and payments

Once an attacker has established access, they will often search the account for emails or data that can be repurposed to solicit a payment. The legitimate account is then used to correspond with internal or external contacts in order to initiate a payment.

Here are a few tactics frequently used:

Inbox forwarding rules

  • Attackers create rules that forward all emails (or a selected subset) to an attacker-controlled account. Because the rule lives in the mailbox rather than in the attacker's session, changing the password of the compromised account does not remove it: the attacker keeps receiving email content until the rule itself is found and deleted. For example, an attacker might create a rule to forward all emails with the subject “invoice” or from a specific sender address (e.g. the email address of a client of the compromised company). Attackers may also create rules to hide correspondence between the account and other victims (both internal and external), for instance by deleting replies or moving them to a folder the user rarely opens.
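The following Python script is an added illustration of how to hunt for such rules; it is not code from the original article or from Field Effect. It takes a list of inbox rules in a simple record layout (the field names, the organization domain example.com and the sample rules are all constructed for the example) and flags the patterns described above: forwarding outside the organization, targeting finance-related subjects, deleting or hiding mail from particular senders, and rules with empty or single-character names. A real hunt would feed in the tenant's own rule export in place of the sample records.

```python
"""Flag mailbox inbox rules that look like BEC persistence.

Added example, not from the original article or Field Effect. The record
layout below is an assumption chosen for the example; adapt the field names
to whatever your mail platform's rule export actually provides.
"""

ORG_DOMAIN = "example.com"  # assumption: the defended organization's mail domain

# Constructed sample export: one dict per rule (field names are assumed).
SAMPLE_RULES = [
    {"mailbox": "a.jones@example.com", "name": "Out of office helper",
     "subject_contains": [], "from": [], "forward_to": ["a.jones@example.com"],
     "delete": False, "move_to": None},
    {"mailbox": "a.jones@example.com", "name": ".",
     "subject_contains": ["invoice", "payment"], "from": [],
     "forward_to": ["ajones.finance@mail-example.net"],
     "delete": True, "move_to": None},
    {"mailbox": "p.smith@example.com", "name": "Client",
     "subject_contains": [], "from": ["ap@client-corp.example"],
     "forward_to": [], "delete": False, "move_to": "RSS Feeds"},
    {"mailbox": "p.smith@example.com", "name": "Newsletters",
     "subject_contains": ["newsletter"], "from": [],
     "forward_to": [], "delete": False, "move_to": "Newsletters"},
]

# Subject keywords that a payment-redirection rule typically targets.
FINANCE_TERMS = ("invoice", "payment", "wire", "remit", "bank", "po ")
# Folders attackers use to park mail the victim is unlikely to look at.
HIDING_FOLDERS = ("rss feeds", "rss subscriptions", "conversation history",
                  "junk", "deleted items", "archive")


def is_external(address, org_domain=ORG_DOMAIN):
    """True when the address is outside the organization's own domain."""
    return not address.lower().endswith("@" + org_domain)


def assess_rule(rule, org_domain=ORG_DOMAIN):
    """Return a list of findings for one rule (empty list: nothing suspicious)."""
    findings = []
    ext = [a for a in rule["forward_to"] if is_external(a, org_domain)]
    if ext:
        findings.append("forwards to external address(es): " + ", ".join(ext))
    subj = [s for s in rule["subject_contains"]
            if any(t in s.lower() for t in FINANCE_TERMS)]
    if subj:
        findings.append("matches finance keywords: " + ", ".join(subj))
    if rule["delete"]:
        findings.append("deletes matching mail")
    if rule["move_to"] and rule["move_to"].lower() in HIDING_FOLDERS:
        findings.append("moves matching mail to a rarely-read folder: " + rule["move_to"])
    if rule["from"] and (rule["delete"] or rule["move_to"]):
        findings.append("hides mail from specific sender(s)")
    if len(rule["name"].strip()) <= 2:
        findings.append("rule has an empty or single-character name")
    return findings


def hunt(rules, org_domain=ORG_DOMAIN):
    """Return {(mailbox, rule name): findings} for every rule with a finding."""
    out = {}
    for r in rules:
        f = assess_rule(r, org_domain)
        if f:
            out[(r["mailbox"], r["name"])] = f
    return out


if __name__ == "__main__":
    for (mbx, name), fs in hunt(SAMPLE_RULES).items():
        print(f"{mbx} rule {name!r}:")
        for f in fs:
            print("   -", f)
```

Run over the sample, the script leaves the out-of-office and newsletter rules alone, flags the “.” rule on four counts (external forward, finance keywords, deletion, near-empty name) and flags the “Client” rule for diverting one sender's mail into the RSS Feeds folder. Treat a hit as a prompt to revoke the account's sessions and review its sent items, not only to reset the password.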

Typo-squatted domains

  • Typo-squatting is the practice of registering a domain that looks like the domain of a legitimate service or company (for example, one that differs from the real domain by a single swapped, added or missing character). In spear phishing, attackers often use these domains together with credential harvesting interfaces: fraudulent login pages used to collect credentials from unsuspecting users. In financial redirection attacks, attackers may use these domains to continue the correspondence once access to a compromised account has been lost.
  • Our Field Effect team analyzed one typo-squatted domain case in which, once the password on a victim account had been changed, the attacker registered a domain similar to the targeted company's and continued to solicit false payments from that company's client.
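As an added example (not code from the original article or from Field Effect), the Python below checks inbound sender domains against a list of domains the organization actually corresponds with and reports the look-alike patterns that typo-squatting relies on: digit-for-letter and “rn”-for-“m” substitutions, the same name under a different top-level domain, a known name embedded in a longer domain, and single-edit or transposition typos. The known-domain list and the sample sender addresses are constructed for the example; a real deployment would load the vendor and client list from the finance or procurement system and the sender domains from mail logs.

```python
"""Flag sender domains that are look-alikes of known counterpart domains.

Added example, not from the original article or Field Effect. KNOWN_DOMAINS
and SAMPLE_SENDERS are constructed; the homoglyph table is a deliberately
small subset of the substitutions seen in practice.
"""

# Constructed: the organization's own domain plus real counterparts' domains.
KNOWN_DOMAINS = ["example.com", "northwind-supplies.com", "contoso-legal.co.uk"]

# Constructed sample of From: addresses seen on inbound mail.
SAMPLE_SENDERS = [
    "ap@northwind-supplies.com",          # genuine
    "ap@northwind-supp1ies.com",          # digit 1 for letter l
    "accounts@exarnple.com",              # rn for m
    "billing@northwind-supplies.net",     # same name, other TLD
    "legal@contoso-legal.co",             # truncated TLD
    "ap@northwind-supplies-billing.com",  # known name embedded
    "cfo@exampel.com",                    # transposition typo
    "sales@unrelated-vendor.com",         # nothing to do with us
]


def normalise(domain):
    """Fold common visual substitutions so 'exarnp1e.com' == 'example.com'."""
    d = domain.lower().rstrip(".")
    d = d.replace("rn", "m").replace("vv", "w")
    return d.translate(str.maketrans("01", "ol"))


def registrable_label(domain):
    """The name left of the public suffix. Assumption: a simplified suffix
    rule (handles second-level suffixes such as .co.uk); a real tool would
    consult the Public Suffix List."""
    parts = domain.split(".")
    if len(parts) >= 3 and parts[-2] in ("co", "com", "org", "gov", "ac"):
        return parts[-3]
    return parts[-2] if len(parts) >= 2 else parts[0]


def osa_distance(a, b):
    """Optimal string alignment distance: edits plus adjacent transpositions."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify(sender_domain, known=KNOWN_DOMAINS):
    """Return (verdict, matched known domain or None) for one sender domain."""
    if sender_domain.lower() in (k.lower() for k in known):
        return ("known", sender_domain.lower())
    s = normalise(sender_domain)
    for k in known:
        if s == normalise(k):
            return ("homoglyph", k)
    for k in known:
        sl, kl = registrable_label(s), registrable_label(normalise(k))
        if sl == kl:
            return ("different-tld", k)
        if len(kl) >= 6 and kl in sl:
            return ("embeds-known-name", k)
        # Short names tolerate one edit, longer names two.
        if osa_distance(sl, kl) <= (1 if len(kl) < 8 else 2):
            return ("lookalike", k)
    return ("unknown", None)


def scan(addresses, known=KNOWN_DOMAINS):
    """Classify each address's domain; returns [(address, verdict, match)]."""
    return [(a,) + classify(a.rsplit("@", 1)[-1], known) for a in addresses]


if __name__ == "__main__":
    for addr, verdict, match in scan(SAMPLE_SENDERS):
        print(f"{addr:40} {verdict:18} {match or ''}")
```

Only a “known” verdict is a clean pass; “unknown” merely means the domain resembles nothing on the list, so the real protection is still an out-of-band call-back on any change of bank details. Normalisation is applied to both sides of every comparison, so a legitimate name that happens to contain “rn” is not mistaken for a homoglyph of itself.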

Lateral movement

  • Lateral movement refers to the techniques attackers use to move between corporate assets (e.g. workstations, accounts, etc.) during a compromise. In a BEC attack, an attacker will often use access to one legitimate account to compromise other accounts in the organization, or to move on to the organization's clients.
  • In several lateral movement cases, our Field Effect analysis showed that an attacker would send spear phishing emails to colleagues and clients of a compromised employee in order to gain access to a particular department or individual (e.g. an employee in payroll or a procurement officer) or to an entirely new target (e.g. a partner organization of the originally compromised employee). Attackers may also distribute malware to other victims on the network, if it was not already used in the initial exploitation.