• News
  • Security
  • Products
  • About Seqrite
Seqrite Blog Blog
  • News
  • Security
  • Products
  • About Seqrite
Home  /  Cybersecurity • Security  /  What is a Business Email Compromise (BEC) attack? How Seqrite can help in protecting your business email?
Business Email Compromise
19 October 2017

What is a Business Email Compromise (BEC) attack? How Seqrite can help in protecting your business email?

Written by Seqrite
Seqrite
Cybersecurity, Security
Estimated reading time: 3 minutes

A few months back, FBI released a report stating that Business Email Compromise or rather BEC scams usually cost businesses around  $3.1 billion. In addition to that, FBI also warned organizations regarding “Man-in-the-Email” and “CEO Fraud”; some of the better-known version of the conventional Business Email Compromise. These scams target businesses regardless of their size and according to surveys; there has already been a staggering 1300 percent growth in the number of BEC attacks, January 2015 onwards.

Understanding BEC Attacks

Put simply; Business Email Compromise is a type of phishing attack where cyber criminals show up as company executives and try to convince the customers, employees or vendors into transferring sensitive information and associated funds. BEC attacks are probably the most focused form of phishing where the cyber attackers research the landscape by looking at the social profiles of the targeted employees. Looking closely at the employees, vendors and non-suspecting customers allow cyber criminals to draft highly targeted emails. These emails can easily slip through the spam filters, therefore evading the whitelisting campaigns with seamless ease. This way, most employees fail to detect the threats embedded within and more often than not, the purpose of organizational safety is defeated.

Read more: How cybercriminals attract users by launching interesting phishing email subject lines?

Nature of BEC Scams

Every Business Email Compromise attack starts off with the cybercriminal phishing a company executive, precisely for gaining access to the concerned inbox or for validating the unofficial interests. Once the targeted company is tricked into believing the legitimacy of the email via a technique called ‘Spoofing’— any one of the five forms of BEC attack is launched against the same.

1. CEO Fraud

This form of attack involves hacking the email address of the company CEO and then emails are sent over to the employees, with wire transfer guidelines and other requirements which only a CEO can assign. This phishing approach includes emergency notes for vindicating the sudden wire transfers. Most attackers inject a sense of urgency for avoiding cross verifications.

2. Bogus Invoice

In the given scenario, the attacker invades the email address of the company executive, looks for a pending invoice and redirects the payment to an account that is owned by the former.

3. Attorney Impersonation

This form of BEC scam aims at compromising the legal department of the targeted company, thereby requesting large funds from the finance department for settling overdue payments and legal disputes.

4. Data Theft

This form of BEC scam doesn’t involve direct monetary gains and aims at stealing confidential data sets from the executive’s email address. The phishing approach for gaining unauthorized access remains the same with the CEO or a board member sending an email to the HR or finance suddenly requesting sensitive documents and other confidential details.

5. Account Compromise

This form of BEC scam usually works when the targeted company is preferably an SME with a smaller user base. In the existing scenario, the cybercriminal hacks into the email account of an employee and then sends emails to the existing customer base regarding a change in the payment account. The new account, secretly handled by the attacker, is forwarded to the customers and more often than not, the payments are made to the latter.

Read more: Conduct phishing simulation tests to keep employees alert

How Seqrite Keeps BEC Attacks at Bay?

Most of these attacks can be detected well in advance, via typosquat domains. Cyber security experts like Seqrite can help companies stay immune against the BEC scams by offering innovative features. Seqrite’s email security feature focuses on data safety and protection providing a granular approach towards controlling suspicious messages. In addition to that, data protection plans can also identify the nature of emails coming from ‘Internet-facing’ email gateways, even if they are forwarded from the CEO’s email account.

Data loss prevention solution from Seqrite helps combat the BEC data thefts by integrating the safety modules with the email marketing plans. There is a policy based encryption service at the helm, ensuring that the compromised information is always encrypted and the wrong person cannot access the same.

Digital signatures can validate the authenticity of an email. Therefore, it is important that the recipients look for these entities while addressing and processing the emails. Seqrite also offers end-user awareness and training to employees for staying vigilant against these phishing attacks. Some of the focused areas, when it comes to spreading awareness, include two-factor authentication during wire transfers and spoof checks.

Business Email Compromise is a serious issue that needs to be dealt with urgency. However, with security service providers like Seqrite on-board, it becomes easier for organizations to keep their email enclosures safe and sound.

As an IT security partner for your business, Seqrite provides comprehensive endpoint security from advanced cyber threats. To know more, visit our website or

seqrite_cta1

 Previous PostStrategies to mitigate risks of false positives in cybersecurity
Next Post  Spotted a breach? Know more about the after-effects of a security...
Seqrite
About Seqrite

Follow us for the latest updates and insights related to security for enterprise networks. Subscribe to our newsletter to stay...

Articles by Seqrite »

Related Posts

  • Turn the Page Cybersecurity Predictions for 2021 & beyond

    Turn the Page: Cybersecurity Predictions for 2021 & beyond

    February 18, 2021
  • Building a holistic cybersecurity strategy to safeguard the pharma sector

    Pharma Sector needs to streamline its insides to avoid cyberattacks

    February 12, 2021
  • Data breach volumes worry governments and businesses

    The Data breach inferno burning big-ticket businesses

    February 5, 2021

No Comments

Leave a Reply.Your email address will not be published.

Cancel reply

CAPTCHA Image
Refresh Image

Popular Posts

  • The Data breach inferno burning big-ticket businesses The Data breach inferno burning big-ticket businesses February 5, 2021
  • Pharma Sector needs to streamline its insides to avoid cyberattacks Pharma Sector needs to streamline its insides to avoid cyberattacks February 12, 2021
  • Turn the Page: Cybersecurity Predictions for 2021 & beyond Turn the Page: Cybersecurity Predictions for 2021 & beyond February 18, 2021

Featured Authors

  • Seqrite
    Seqrite

    Follow us for the latest updates and insights related to security for...

    Read more..
  • Viraj Talikotkar
    Viraj Talikotkar

    Viraj is a Lead Technical Writer at Quick Heal Technologies. He is always on...

    Read more..
  • Sanjay Katkar
    Sanjay Katkar

    Sanjay Katkar is the Joint Managing Director and Chief Technology Officer of...

    Read more..

Latest Posts

  • Businesses now worried about the surge in COVID-19 infodemic

    Businesses now worried about the surge in COVID-19 infodemic

    February 26, 2021
  • Turn the Page: Cybersecurity Predictions for 2021 & beyond

    Turn the Page: Cybersecurity Predictions for 2021 & beyond

    February 18, 2021
  • Pharma Sector needs to streamline its insides to avoid cyberattacks

    Pharma Sector needs to streamline its insides to avoid cyberattacks

    February 12, 2021

Stay Updated!

Topics

Antivirus For Linux (10) apt (9) BYOD (9) COVID-19 (10) Cyber-attack (31) cyber-attacks (56) cyberattacks (12) Cybersecurity (279) cyber security (25) Cyber threat (29) cyber threats (44) Data (11) data breach (50) data breaches (27) data loss (28) data loss prevention (33) data protection (21) data security (13) DLP (49) Encryption (16) endpoint security (102) Enterprise security (14) EPS (9) Exploit (12) firewall (11) hackers (9) IoT (10) malware (58) malware attack (22) malware attacks (12) MDM (25) mobile device management (9) Network security (18) Patch Management (12) phishing (16) Ransomware (56) ransomware attack (29) ransomware attacks (30) ransomware protection (12) Seqrite (24) Seqrite Encryption (27) Seqrite EPS (33) Seqrite Services (16) UTM (34) Vulnerability (10)

Products

  • Endpoint Security (EPS)
  • Seqrite Encryption Manager
  • Seqrite Endpoint Security Cloud
  • Cloud Security
  • Seqrite mSuite
  • Seqrite MobiSMART
  • Unified Threat Management
  • Seqrite Secure Web Gateway
  • Antivirus for Server
  • Antivirus for Linux

Resources

  • White Papers
  • Datasheets
  • Threat Reports
  • Manuals
  • Case Studies

About Us

  • Company Overview
  • Leadership
  • Why choose SEQRITE?
  • Awards & Certifications
  • Newsroom

Archives

  • By Date
  • By Category

© 2020 Quick Heal Technologies Ltd. (Formerly Known as Quick Heal Technologies Pvt. Ltd.) Cookie Policies Privacy Policies

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website.
By browsing this website, you agree to our cookie policy.