“Business Email Compromise”
What they are and how to protect yourself
According to several sources, including joint investigations by the FBI's Internet Crime Complaint Center (IC3), the Canadian government and other associations, identity theft is rising sharply and causing huge losses. This article will help your internal IT staff, as well as your vendors, configure your domain and your business processes to minimize the risk of spoofing.
What is a BEC attack?
A BEC attack is one in which a cybercriminal breaks into, or impersonates, the email of your company's supervisors, CEO, or suppliers. Once an account is compromised, the attacker requests a seemingly legitimate payment. Because the email appears genuine and comes from a known authority figure, the employee complies. Typically, the attacker asks for money to be wired and/or checks to be deposited, regardless of normal business practice. However, this scam has evolved and no longer involves only money: the same technique is used to steal employees' personally identifiable information or salary and tax forms (e.g. T4 slips, pay stubs, records of employment, bank card confirmations).
What can I do to stop an attack?
While some BEC attacks involve malware, many rely on social engineering techniques against which antivirus, spam filters, and email whitelisting are ineffective. One of the most useful things you can do is educate employees and deploy internal prevention techniques, especially for frontline staff, who are the most likely recipients of the initial phishing attempts. Here are some self-protection strategies your business can use:
- Avoid free webmail accounts. Establish a corporate domain name and use it to create corporate email accounts instead of free web accounts.
- Enable two-factor (dual) authentication for corporate email accounts. This type of authentication requires several pieces of information to log in, such as a password plus a physical token, a one-time code, or biometrics. Implementing it makes it more difficult for a cybercriminal to access employee email, and therefore more difficult to initiate a BEC attack.
- Do not open emails from unknown parties. If you do, do not click on any links or open any attachments, as these often contain malware that gives access to your computer system. (e.g. educate employees on visually inspecting an email before acting on it, and on how to verify a genuine Microsoft and/or Google sign-in identity)
- Secure your domain. Domain spoofing uses slight variations of legitimate email addresses to deceive BEC victims. Registering domain names similar to yours goes a long way toward protecting against the email spoofing at the heart of successful attacks. (example: configuring SPF, DKIM and DMARC on your domain, with rules appropriate to the threats)
- Check the sender's email address. A spoofed email address often uses a domain that closely resembles the legitimate one. For example: jdoe@compagnie_xyz.com instead of firstname.lastname@example.org.
- “Forward”, do not “reply”, to business emails. When forwarding, type the correct email address manually or select it from the address book. Forwarding ensures that you are using the correct identity (email address) of the intended recipient.
- Don't over-share online. Pay attention to what you post on social media and company websites, especially job duties and descriptions, reporting lines, and out-of-office details.
- Always verify before sending money or data. Require employees to follow a standard operating procedure to confirm requests for wire transfers or confidential information. Confirm in person or by phone using previously known numbers, not phone numbers provided in the electronic communication.
- Know your customers' and suppliers' habits. If there is a sudden change in business practices, be wary. For example, if a business contact suddenly asks you to use their personal email address, or an address other than the usual one, when all previous correspondence has been by company email, the request may be fraudulent. Verify the request through a different channel, either your internal IT or by contacting the company in question directly.
BEC attacks are not as well known as ransomware or other forms of cybercrime, but they are nonetheless a very significant threat to organizations of all sizes. Combining email security solutions with education and best practices can help your business avoid BEC attempts. However, if your business is targeted, remember that ATK Technologies can help you contain the attack, manage the risk, and take the right steps to minimize it afterward by educating your staff and performing internal security audits.
Remember that the fight against cybercrime is a team effort.