ICFiles
SOC 2

content

Secure File Transfer Soc 2 starts at $1 per month

Join Us

 

ICFiles Logo

 

How to Stay Safe with Business Email Compromise on the Rise

What's New in Technology

November, 2019

Get this Article  Get this Article & Suite of Tools

How to Stay Safe with Business Email Compromise on the Rise

Email Compromise, hacked emailAccording to a report by the Financial Crimes Enforcement Network (FinCEN) released in July, financial institutions have incurred more than $9 billion in losses due to Business Email Compromise (BEC) schemes since 2016. With such staggering losses, businesses and even individuals can’t afford to ignore BEC attacks.

What is BEC?

BEC fraud involves cyber thieves posing as company executives or a business contact with the intention to commit wire transfer fraud or obtain sensitive information. The main targets are businesses working with foreign suppliers or a business that carries out regular wire-transfer payments.

To carry out this attack, criminals might pretend to be the company CEO and request that a junior staff member perform a task for them, such as transferring funds. Attackers take advantage of the fact that most organizations don’t have a set procedure to verify instructions received from the top management.

How Attackers Collect Data from their Targets

Cyber criminals use various techniques to carry out BEC fraud, with the main aim of stealing funds from the victims. The techniques used include:

  • Imposter techniques – this can be carried out in various ways. Attackers use a look-alike domain, display-name deception and spoofed emails that appear to come from legitimate addresses.
  • Social engineering – when a target has not set appropriate privacy settings on social media accounts, an attacker can easily collect information that will make their requests sound legitimate.
  • Malware – this enables attackers to have access to sensitive information that makes the fake request sound legitimate.
  • Mining from the Dark Web – here attackers can obtain stolen credentials.

How to Avoid BEC Attacks

It is difficult for conventional security systems to detect BEC schemes. Consider a case in which a transaction is initiated willingly by a legitimate user in response to a request from a legitimate source. Such an email has no payloads such as malicious attachments that can be blocked.

Here are some methods to help reduce the possibility of these attacks:

  • Raising awareness of common attack scenarios or tactics used by the cyber criminals, such as a false domain name that looks almost like the original one, impersonation of a vendor, false sense of urgency or a request for secrecy.
  • Training employees on cyber security risks and implications.
  • Implementing email authentication protocols like Domain-Based Message  Authentication, Reporting and Conformance (DMARC) and email authentication, such as DomainKeys Identified Mail (DKIM).
  • Using layered defense, such as encryption, and virtual private networks.
  • Implementing a multifactor authentication that will introduce a secondary authorization control. This will help stop attackers even when they have access to the target’s credentials.
  • Establishing communication protocols that will allow for a follow-up. For instance, if the person is requesting financial transactions, an employee should call to ascertain the request.
  • Scrutinizing all emails that request for fund transfer.
  • Monitoring incoming email, especially those that use VIP names.
  • Optimizing accounting systems and controls.

Final Thoughts

Apart from taking precautionary measures, businesses also should make sure that their insurance specifically covers BEC attacks, as courts might have different interpretations of policies. Consider the case of Apache Corporation, which lost $7million due to a BEC attack. The judge ruled that since the money was sent to pay a legitimate invoice to the wrong bank, it was not covered by their insurance policy.

Note that a majority of these criminals are from countries that might not have strict laws on cybercrime, making it difficult to have them prosecuted.

So, whether you run a small, medium or large business, or even a personal account, it’s vital that you take precautionary measures against the increasing BEC schemes.

Get this Article  Get this Article & Suite of Tools

 

These articles are intended to provide general resources for the tax and accounting needs of small businesses and individuals. Service2Client LLC is the author, but is not engaged in rendering specific legal, accounting, financial or professional advice. Service2Client LLC makes no representation that the recommendations of Service2Client LLC will achieve any result. The NSAD has not reviewed any of the Service2Client LLC content. Readers are encouraged to contact their CPA regarding the topics in these articles.

Protected by Copyscape Plagiarism Finder

Dynamic Content Powered by Service2client.com
SEO Content Powered by DynamicPost.net

 

ICFiles
SOC 2

content

Secure File Transfer Soc 2 starts at $1 per month

Join Us

 

content

 
website bundles

MyWeb, WordPress
1 Click Hosting
Install free themes

websites

Hosting Bundles

 
 
Electronic Commerce

Copyright © 2024 Service2Client, LLC All Rights Reserved.
Terms of Service  |  Privacy Policy

CPA Website Content Powered by Service2Client.com


 

CLOSE