• News
  • Security
  • Products
  • About Seqrite
Seqrite Blog Blog
  • News
  • Security
  • Products
  • About Seqrite
Home  /  Phishing • Retail/Manufacturing • Startup/SMBs/SMEs  /  Diving deep into the Business Email Compromise
14 February 2018

Diving deep into the Business Email Compromise

Written by Seqrite
Seqrite
Phishing, Retail/Manufacturing, Startup/SMBs/SMEs
Estimated reading time: 4 minutes

Business Email Compromise is the new kid in the block in cyber crime space. As per an FBI report, Business Email Compromise (BEC) has affected more than 130 countries since October 2013 and the global losses or attempted losses have crossed $5 billion. The threat and associated losses are only increasing with time.

What is BEC?

Business Email Compromise (BEC) also known as “CEO Fraud” or “Man-in-the-email” is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments.  It is a kind of phishing attack where the attacker impersonates as a key organization executive (often someone with high level of authority like a CEO) and gets the victims to either transfer funds or share critical information with him/her.

A BEC is often a highly focused attack and works in a manner that the emails flowing in look completely legitimate to the receiver making him act on it and thus becoming a victim. BEC attacks mostly focus on individuals who are responsible for wire transfers, targeting businesses and employees through spoof emails. They build up enough information about the management of the company, employees responsible for making payments, key suppliers from compromised emails, employee information from company news/social media and other sources to make these email attacks look authentic.

Read more: How cyber criminals attract users by launching interesting phishing email subject lines?

The BEC Forms and Impact

Once these malware gain an entry into the organization’s network, they could:

  1. impersonate a CEO or a CFO to get a wire transfer done to their accounts.
  2. use fraudulent invoice payments route by changing the account number of the suppliers to route supplier payments to one of their own accounts.
  3. compromise the account of an employee to email customers of failed payment transaction and asking them to send the payment to a different account.
  4. using the attorney impersonation method of coercing an employee to transfer money for a confidential acquisition thereby inflicting huge financial losses to these companies.

These losses are estimated to touch a staggering $9 billion worldwide in 2018. Data theft is another threat of a BEC scam which is non-financial in nature but equally devastating.

Gearing up against BEC

Business Email frauds are quite sophisticated and finely targeted that it makes them difficult to identify. However, there are many ways in which these can be controlled or avoided. A few of them are listed below:

  1. Two-factor authentication: It is the best way to control BEC. It prevents hackers from getting into your account and sending fraud emails using your identity.
  2. Reviewing authorization: It is important to regularly review the authorizations given to employees for organizational fund transfer. There should be minimum number of people who are authorized for such transfers and also a consolidated list should be prepared to ensure no new id is accessing the payment system.
  3. Capping the fund transfer amount: Set the limit of amount transfer by the approving individual. Any transaction beyond that amount should be re-verified and processed by the bank. This can help protect high value fraudulent transactions.
  4. Double verification for new requests: Any new or unusual payment requests should be passed by at least 2 people within the organization to ensure an added layer of security check.
  5. Using anti-phishing software: Relying on a robust anti-phishing solution is a great way to enable employees to act as a basic defense against BECs. Having comprehensive solutions like Seqrite EPS with anti-phishing feature can protect your enterprise from many more threats than just BEC.
  6. Get basic hygiene in place: Keeping up to date antivirus, not downloading unknown programs and attachments from unverified sources, blocking unused ports and monitoring ongoing traffic are some basic hygiene factors that enterprises must follow as a protection against BEC.
  7. Use common sense: Nothing beats common sense and little vigilance. BEC’s can be minimized by being slightly vigilant in terms of signatures or a handheld info from where mail comes in. The hackers often impersonate executives when they are travelling. Bearing this small info in mind might save your company a lot of money.

Seqrite to the rescue

Cybersecurity experts like Seqrite have developed innovative features in their products to help fight scams like BEC.  Seqrite’s Endpoint Security is loaded with features that up the organization’s defense against malware and phishing attacks like BEC. It offers superior phishing protection against attacks that originate from malicious codes over the internet by stopping them from entering the network and spreading across. Other features included in their email security tool help identify the nature of emails coming from various email gateways as well as provide robust protection against suspicious messages. BEC data thefts can be avoided by integrating Seqrite’s Data Loss Prevention solution with the email marketing plans. Policy-based encryption allows information to be encrypted and accessible only to authorized personnel. BEC is a serious threat but with Seqrite as your security partner, it can be tackled with ease.

As an IT security partner for your business, Seqrite provides comprehensive security from advanced cyber threats. To know more

 Previous PostHow do cyber criminals celebrate Valentine’s day
Next Post  Benefits of having Intrusion Prevention/Detection System in your ...
Seqrite
About Seqrite

Follow us for the latest updates and insights related to security for enterprise networks. Subscribe to our newsletter to stay...

Articles by Seqrite »

Related Posts

  • Can office emails leave you skating on thin ice?

    Could you be blindsided when your CEO emails you?

    September 22, 2020
  • Big businesses getting trapped by phishing nets.

    Are industrial whales getting massacred by spear-phishing?

    July 28, 2020
  • Beware:Phishing emails are sinking the ship of Manufacturing and Export Sectors.

    Advance Campaign Targeting Manufacturing and Export Sectors in India

    July 6, 2020

No Comments

Leave a Reply.Your email address will not be published.

Cancel reply

CAPTCHA Image
Refresh Image

Popular Posts

  • The Data breach inferno burning big-ticket businesses The Data breach inferno burning big-ticket businesses February 5, 2021
  • Pharma Sector needs to streamline its insides to avoid cyberattacks Pharma Sector needs to streamline its insides to avoid cyberattacks February 12, 2021
  • Turn the Page: Cybersecurity Predictions for 2021 & beyond Turn the Page: Cybersecurity Predictions for 2021 & beyond February 18, 2021

Featured Authors

  • Seqrite
    Seqrite

    Follow us for the latest updates and insights related to security for...

    Read more..
  • Viraj Talikotkar
    Viraj Talikotkar

    Viraj is a Lead Technical Writer at Quick Heal Technologies. He is always on...

    Read more..
  • Sanjay Katkar
    Sanjay Katkar

    Sanjay Katkar is the Joint Managing Director and Chief Technology Officer of...

    Read more..

Latest Posts

  • Businesses now worried about the surge in COVID-19 infodemic

    Businesses now worried about the surge in COVID-19 infodemic

    February 26, 2021
  • Turn the Page: Cybersecurity Predictions for 2021 & beyond

    Turn the Page: Cybersecurity Predictions for 2021 & beyond

    February 18, 2021
  • Pharma Sector needs to streamline its insides to avoid cyberattacks

    Pharma Sector needs to streamline its insides to avoid cyberattacks

    February 12, 2021

Stay Updated!

Topics

Antivirus For Linux (10) apt (9) BYOD (9) COVID-19 (10) Cyber-attack (31) cyber-attacks (56) cyberattacks (12) Cybersecurity (279) cyber security (25) Cyber threat (29) cyber threats (44) Data (11) data breach (50) data breaches (27) data loss (28) data loss prevention (33) data protection (21) data security (13) DLP (49) Encryption (16) endpoint security (102) Enterprise security (14) EPS (9) Exploit (12) firewall (11) hackers (9) IoT (10) malware (58) malware attack (22) malware attacks (12) MDM (25) mobile device management (9) Network security (18) Patch Management (12) phishing (16) Ransomware (56) ransomware attack (29) ransomware attacks (30) ransomware protection (12) Seqrite (24) Seqrite Encryption (27) Seqrite EPS (33) Seqrite Services (16) UTM (34) Vulnerability (10)

Products

  • Endpoint Security (EPS)
  • Seqrite Encryption Manager
  • Seqrite Endpoint Security Cloud
  • Cloud Security
  • Seqrite mSuite
  • Seqrite MobiSMART
  • Unified Threat Management
  • Seqrite Secure Web Gateway
  • Antivirus for Server
  • Antivirus for Linux

Resources

  • White Papers
  • Datasheets
  • Threat Reports
  • Manuals
  • Case Studies

About Us

  • Company Overview
  • Leadership
  • Why choose SEQRITE?
  • Awards & Certifications
  • Newsroom

Archives

  • By Date
  • By Category

© 2020 Quick Heal Technologies Ltd. (Formerly Known as Quick Heal Technologies Pvt. Ltd.) Cookie Policies Privacy Policies

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website.
By browsing this website, you agree to our cookie policy.