Nonprofits are seeing a rise in Business Email Compromise (BEC) attacks, which have reached 35%. Cybercriminals show no mercy, targeting donor data, financial transactions, and internal communications.
BEC attacks aren’t new. They are a sophisticated social engineering tactic that relies on the victim’s naivety. Well-crafted phishing emails can bypass spam filters and even the best email security measures. Learning how to prevent BEC attacks is a must to stay protected in today’s growing threat landscape.
This guide will tell you everything you need to know to prevent BEC attacks and what to do about them.
What Is a Business Email Compromise (BEC) Attack?
A Business Email Compromise (BEC) attack is also known as an Email Account Compromise (EAC) attack. The attacker sends you a message that appears to come from a legitimate source. Because nothing about the message looks wrong at first glance, it is especially dangerous.
For example, say your company deals with a vendor who sends you an invoice every month. A BEC attacker may craft a replica invoice and send it to you from an eerily similar domain. Insiders such as an assistant in your company are targets too: a message that appears to come from you asks them to purchase gift cards for employees as a reward for good work, then requests the serial numbers so they can be “emailed right away” after the purchase. A homebuyer may likewise receive an email that appears to come from their realtor, with instructions on how to wire the down payment for a house they are interested in, and a link.
How Do BEC Attacks Work?
Here is how BEC attacks work:
- The sender’s email address usually differs from the genuine one by a slight variation that often goes unnoticed. For example, elon.musk(at)paypal(.)com may be spoofed with a similar-looking address such as [email protected]. The domain names look authentic enough that it’s hard to tell they’re different, and you miss those little details when you’re busy working through your day.
- BEC attacks can originate in spear phishing emails that target trusted employees in your organization. These messages may appear to come from trusted senders with high-ranking authority. New employees who don’t know those senders well can easily fall prey, accidentally sharing credentials, data, and other sensitive information while interacting with them. By the time they realize what’s going on, it’s too late.
- If a hacker manages to infiltrate your company’s databases, they can gain access to your email lists, threads, billing, and invoice details. They can time their attacks to match pay or transaction cycles so that financial officers, accounts departments, and CFOs don’t question them. Your team will respond to their payment requests and approve them unknowingly. These hackers may also embed malicious links in their emails to steal additional information, such as usernames and passwords.
If your business makes wire transfers, works with overseas suppliers, or publishes executives’ email addresses, you will automatically be on a BEC attacker’s radar. They gather information about you from publicly available sources, check your user profiles online, and compromise other email accounts to gain insights into your ongoing business operations and relationships.
Most business email compromise attacks are financially motivated. It’s common for attackers to pose as the CEO or a vendor, or to ask personnel with financial access to reroute wire transfers to fraudulent bank accounts. Sometimes they use these attacks to retrieve sensitive data for launching another attack.
They might sell your details on the dark web, or aim only for your login credentials, which can be used to take over accounts for later attacks. You can use a domain checker to analyze whether your domain is vulnerable to these types of threats.
One of the biggest costs of business email compromise is the damage to your organization’s reputation. Adversaries will not only slow down your operations; they can take over your resources and delete them.
You should focus on encrypting your data, preventing impersonation, and enforcing multi-factor authentication to stay ahead of them. Email does not come with sender authentication protocols enforced by default, so check with your email service provider to see which security policy frameworks they have enabled. Attackers can easily fake the display names and sender addresses of incoming email messages, and lookalike domains are notoriously common.
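As an added example (not code from the original article), the following Python script inspects the headers of a constructed message for the display-name and sender-address tricks described above, assuming the message is available as raw RFC 5322 text. All header names and the sample domains are assumptions.

```python
import email
import re
from email.utils import parseaddr

def domain_of(addr: str) -> str:
    """Lowercase domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def inspect_headers(raw: str) -> list:
    """Return findings that point to display-name or sender-address spoofing."""
    msg = email.message_from_string(raw)
    findings = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(from_addr)

    # A display name that itself contains an address on another domain: mobile
    # clients often show only the name, so the real sender stays hidden.
    embedded = re.search(r"[\w.+-]+@[\w.-]+", from_name)
    if embedded and domain_of(embedded.group()) != from_dom:
        findings.append(f"display name carries foreign address {embedded.group()}")

    # Replies silently diverted to a domain other than the visible sender.
    reply_dom = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")

    # Envelope sender (bounce address) on a domain other than the header From.
    ret_dom = domain_of(parseaddr(msg.get("Return-Path", ""))[1])
    if ret_dom and ret_dom != from_dom:
        findings.append(f"Return-Path domain {ret_dom} differs from From domain {from_dom}")

    # Results the receiving server recorded for the sender's own domain.
    auth = msg.get("Authentication-Results", "").lower()
    for check in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{check}=(\w+)", auth)
        if m and m.group(1) not in ("pass", "none"):
            findings.append(f"{check} result is {m.group(1)}")
    return findings

# Constructed sample: the attacker's own domain authenticates cleanly, so SPF,
# DKIM and DMARC all pass and the impersonation lives entirely in the display name.
SAMPLE = """From: "Jane Doe jane.doe@vendor.example" <jdoe1982@webmail.example>
Reply-To: payments@vendor-invoices.example
Return-Path: <bounce@webmail.example>
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=webmail.example; dkim=pass header.d=webmail.example; dmarc=pass header.from=webmail.example
Subject: Updated bank details for this month's invoice

Please use the new account details before Friday.
"""
```

Because the sender controls webmail.example, authentication passes; only the display-name and Reply-To checks flag this message, which is why authentication protocols alone do not stop BEC.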
How to Detect a Business Email Compromise Attack?
Here are a few ways you can spot business email compromise attacks:
- Look carefully at the sender’s email address. Sometimes the username or real name of the person is included, either as initials or the full name. You may also examine their profile picture, but photos change, so that’s not foolproof.
- Take a look at the domain name. If there are any misspellings or variations from the original you are used to, that’s a dead giveaway.
- Some words in the email may be highlighted or underlined to evoke a sense of urgency and get you to click. These often carry malicious links, so watch out for them. Common pretexts the attacker uses to manipulate you into clicking include reviewing your account policies, preventing account closure (renewal), or re-subscribing to existing services. Treat these links as suspicious by default: don’t get emotionally charged and act on them. Wait it out and verify on your end. Don’t panic and react.
- Sometimes an attacker hijacks an employee’s account and takes it over. You won’t see that one coming, because they can send emails from inside your organization. This is tough to deal with but not impossible. Verify with the employee in person or over the phone; talk to them over video and point out those emails. If they were hacked, they will tell you, and you can take appropriate action from there.
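As an added example (not from the original article), this Python heuristic checks a sender’s domain against a constructed allowlist of partner domains and flags the lookalike tricks described above and under “How Do BEC Attacks Work?”: a swapped TLD, homoglyph substitutions, a one-character typo, or the trusted name buried in a longer domain. The domain names and the homoglyph table are assumptions; genuine subdomains of a trusted domain are treated as trusted.

```python
import re

# Constructed allowlist of domains this organization actually exchanges mail with.
TRUSTED = ("acme-supplies.example", "corp.example")

# Single characters attackers swap for look-alike glyphs, folded before comparison,
# plus multi-character tricks such as "rn" standing in for "m".
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "8": "b"})
MULTI = (("rn", "m"), ("vv", "w"), ("cl", "d"))

def normalize(label: str) -> str:
    label = label.lower().translate(HOMOGLYPHS)
    for src, dst in MULTI:
        label = label.replace(src, dst)
    return label

def split_domain(domain: str):
    """Return (everything before the last dot, tld) for a domain like 'acme.com'."""
    parts = domain.lower().strip().rstrip(".").split(".")
    return ".".join(parts[:-1]), parts[-1]

def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to catch single-character typos such as 'payal'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(sender_domain: str, trusted=TRUSTED) -> str:
    """Return 'trusted', 'unknown' or 'lookalike:<trusted domain> (<reason>)'."""
    d = sender_domain.lower().strip()
    if d in trusted or any(d.endswith("." + t) for t in trusted):
        return "trusted"  # exact match or a genuine subdomain of a partner
    label, tld = split_domain(d)
    for t in trusted:
        t_label, t_tld = split_domain(t)
        if label == t_label and tld != t_tld:        # acme.com -> acme.co
            return f"lookalike:{t} (tld swap)"
        if normalize(label) == normalize(t_label):   # acrne.com, acm3.com
            return f"lookalike:{t} (homoglyph)"
        if levenshtein(label, t_label) <= 1:         # acme.com -> acmee.com
            return f"lookalike:{t} (typo)"
        if re.search(rf"(^|[-.]){re.escape(t_label)}([-.]|$)", label):
            return f"lookalike:{t} (extra token)"   # acme-billing.com
    return "unknown"
```

This is a heuristic for an allowlist of known partners, not a general-purpose check; “unknown” means only that the domain is not a partner and resembles none, so the request still needs out-of-band verification.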
Best Practices to Prevent BEC Attacks
Here is a list of the best practices to prevent BEC attacks:
- Educate your employees and teach them how to prevent BEC attacks. Security awareness training is one of the most critical steps to take. When they learn to recognize warning signs like suspicious email addresses and unusual requests, they will be much safer.
- Enforce multi-factor authentication to mitigate the risk of a threat actor using stolen credentials to access email accounts and carry out BEC scams. Enforce strict access control policies and procedures to validate and authorize financial transactions and secure access to confidential information.
- Establish authority limits, limit approvals, and verify every change made to payment data.
- Check the URLs of links and don’t open attachments in emails until you verify them. Scan attachments for malware and avoid downloading files from untrusted sources.
- Regularly patch and update your systems. Keep your software up to date. Security teams should also apply continuous monitoring and anomaly detection solutions to identify unusual patterns and suspicious behaviors.
- Eliminate gaps in visibility by using trusted tools like SentinelOne. Correlate telemetry from multiple sources to get better attack context and reduce detection and response times.
- Keep data backups and recovery measures in place for the rare occasions when a breach happens without your noticing.
- Have strong identity and access management measures in place. Most organizations that fall to BEC attacks have not adopted the CIS Controls, so consider them. To do this, inventory active and inactive accounts, including deactivated ones. Review your access processes, including access revocation, and formalize them.
Real-World Examples of BEC Attacks
Here are some real-world examples of BEC attacks:
- A chemical manufacturing firm lost USD 60 million in a business email compromise attack. A non-executive employee of the company was tricked into transferring funds to third-party accounts. No additional evidence of fraudulent activity was found afterwards, and the adversaries vanished like ghosts. Orion is still investigating and working with law enforcement to get leads. The attackers didn’t even attempt to gain unauthorized access to its systems or leave traces.
- APAC businesses have been witnessing an increase in BEC attacks. Advanced email attacks have increased by almost 27%, from 472 to 600 attacks per 1,000 email inboxes. Phishing campaigns were used to carry out complex cybercrimes and acted as a gateway to these infiltrations. BEC attacks saw a 6% year-over-year increase and bypassed traditional security measures.
AI-generated deepfakes and voiceovers are making BEC scams easier than ever to run. According to the FBI, USD 2.9 billion was lost to BEC attacks, compared to ransomware, which cost organizations USD 59.6 million. The messages looked like they came from contractors, business partners, and CEOs. The scammers duped victims into providing transactional details in order to extract money from organizations.
Mitigate Business Email Compromise (BEC) Attacks with SentinelOne
SentinelOne can help you prevent Business Email Compromise (BEC) attacks by scanning your user accounts, endpoints, and networks for anomalies and signs of suspicious activities. SentinelOne offers AI threat protection with an Offensive Security Engine™ and Verified Exploit Paths™ that can predict attacks before they happen. It scans your infrastructure, cloud estate, assets, and resources.
Singularity™ XDR provides AI-powered prevention, detection, and response across endpoints, cloud workloads, and IoT devices. SentinelOne Storyline™ correlates detections and activity data across security layers, including email, endpoints, mobile, and cloud, when a threat is detected. Analysts can streamline the organization’s response by automatically suspending email for a given user, blocking the user’s email, or quarantining them. Upon detection of the threat, SentinelOne can automatically suspend the last logged-in user’s ability to send an email, helping secure a critical lateral movement path.
SentinelOne’s Purple AI, a gen AI cybersecurity analyst, can deliver security insights about your infrastructure and provide personalized recommendations on improvement. Singularity™ Threat Intelligence can speed up investigations and enhance threat hunting by providing actionable global threat intel about adversaries. It can help you stay ahead of attacks and analyze data from multiple sources, regardless of their data types. It can also contextualize incidents by attributing them to specific threat actors, malware strains, and active campaigns targeting your organization.
Conclusion
Now you know how to prevent BEC attacks. Just implement the security measures right for your organization and audit all your accounts, workflows, and controls.
Check your security policies and ensure that nothing is out of place. You also want to review the compliance status of your organization so that you know there are no opportunities for malicious threat actors to exploit them.
Consult security experts at SentinelOne for additional assistance today.
FAQs
What Is a BEC Attack?
A BEC attack is when you are tricked into thinking the sender is someone else, usually through an email. Attackers create a duplicate of an email address that looks like the original, for example by substituting “com” with “co.” It can lead to loss of funds or information theft. You can protect yourself by being cautious of emails and double-checking identities.
What are the types of BEC Attacks?
There are several BEC attacks. One of them is when attackers impersonate CEOs or suppliers in a bid to trick employees into sending money or confidential information. Another is when attackers take over email accounts in a bid to send spoofed requests. You can be safe by knowing these tactics and being wary.
Why Are BEC Attacks So Dangerous?
BEC attacks are risky since they are difficult to identify. Attackers send emails that look genuine and like to target overworked or new employees. They can lead to significant financial loss and break trust within a company. You can minimize the risk by educating employees to identify suspicious emails.
How Can Organizations Respond to a BEC Attack?
If you fall prey to a BEC attack, act fast. Quarantine infected accounts, change passwords, and alert employees. Find out what went wrong so you can avoid future attacks. You can also use security software to scan for suspicious behavior and block malicious mail.
How do cybercriminals execute BEC attacks?
Cybercriminals carry out BEC attacks by sending spoofed emails that appear to be from known sources. They may employ slight differences in the email address or create a false sense of urgency to deceive victims. You can safeguard yourself by scrutinizing email addresses critically and confirming requests in person.
What steps should an organization take after a BEC attack?
Once a BEC attack has occurred, an organization must lock down the compromised accounts, strengthen security controls, and alert employees to what has happened. It must also review its security policies to prevent similar attacks in the future. You can use this as a chance to strengthen your defenses and alert staff to the dangers.
How can businesses protect themselves from BEC scams?
Companies can defend themselves against BEC attacks by educating staff members about these attacks and implementing strict security protocols. This involves implementing multi-factor authentication and confirming all financial requests. You can also implement tools such as SentinelOne to scan for malicious activity and block threats before they become problematic.