Business Email Compromise is an increasingly common cybercrime tactic today that doesn't rely on technical vulnerabilities at all—it relies on you. Could you be putting your organization at risk?
A recent report by Palo Alto Networks has identified an uptick in Business Email Compromise attacks, as a result of the standardization of the attack vector. Cybercriminals can now acquire and deploy the weapon “as a service”, making attacks more effective and more common.
Are you sure your business is properly defended? Orbis Solutions will help you mitigate the threat of Business Email Compromise. Get in touch with our team to discover how.
Business Email Compromise is a social engineering technique used by cybercriminals in which they pose as a business or member of a business in order to execute fraudulent payments. In order to effectively defend against scams like this, you have to first understand how they are executed.
In layman’s terms, a cybercriminal will write an email pretending to be from a known contact or organization (e.g. your bank), and request that a payment be processed—instead of sending the funds to a legitimate source, the payment will go to them.
Business Email Compromise can be carried out in a number of ways:
In some cases, cybercriminals may only spoof an email address, and in others, they’ll directly breach the target’s account. Once a cybercriminal has gained access to a target’s email address, they can begin sending payment requests or simply redirect all invoices to a private folder for their perusal. Whether they’re redirecting incoming or outgoing funds, the end result is still the same—your business loses money.
Alternatively, cybercriminals can simply intercept an important financial document such as an invoice. They can either change the payment details or inform the recipient that the details have changed, substituting their own bank account for the business’.
Let’s look at the facts—the average wire fraud attack costs $567,000, and the highest recorded was $6 million. The FBI estimates that BEC attacks cost a total of $1.87 billion just last year.
If you’re skeptical of how this type of scam could cause so much damage, consider the average amount you’re sending or receiving via wire transfer or invoice payments. In April 2020, one small business lost $15,482 in an instant when a cybercriminal intercepted a PDF invoice and redirected the funds to their account.
If just one fraudulent or misplaced email could cost you tens of thousands of dollars, it quickly adds up. That’s why you need to understand how Business Email Compromise works and how to defend against it.
While the CEO is often a target, cybercriminals can do plenty of damage by going after other members of an organization. There are a number of key, high-value targets that make it worth the cybercriminal's time to go after.
Whether it's their authority or their access to confidential information, these groups are all at risk for Business Email Compromise:
Know Your Targets
By noting the above listed key targets, you can examine the role they play in cyber security, and how their access and authority is being protected:
Defend Your Organisation
Implementing the right range of cyber security solutions can help to protect common points of penetration for cybercriminals:
Implement A Robust Security Policy
You need to dictate how members of the organization, top to bottom, contribute to your cyber security. Everyone with access to your IT environment should follow these best practices:
Plan Ahead To Mitigate Cyber-Risk
You need to develop a comprehensive cyber-incident response plan for your organization. Make sure to test it regularly, and update it to address any shortfalls. Make sure to implement your plan properly—it won't work if your staff doesn't know about it, and can't participate in it:
Test Against Phishing
Share these tips with your employees to ensure they know how to spot a phishing attempt:
The bottom line is that everyone in your organization, top to bottom, is a potential target. Make sure everyone is following cyber security best practices and is protected.
If you need expert assistance defending against cybercriminals and training your staff to recognize social engineering scams, get in touch with Orbis Solutions.
Thanks to our colleagues with Orion Networks in Columbia, MD for their support and partnership.