Business Email Compromise (BEC) Protection
Phish Protection Technology Protects Against BEC
What is business email compromise (BEC)?
BEC, also known as CEO impersonation, is defined as “a form of phishing attack where a cybercriminal impersonates an executive and attempts to get an employee, customer, or vendor to transfer funds or sensitive information to the phisher.” BEC attacks usually begin with a cybercriminal successfully phishing an executive to gain access to their email inbox.
Malware or ransomware intrusions often immediately precede a BEC incident. Those intrusions are usually facilitated through a phishing scam in which a victim receives an e-mail from a seemingly legitimate source that contains a malicious link.
There are actually five forms of BEC
According to the FBI’s Internet Crime Complaint Center (IC3), there are five main scenarios by which BEC is perpetrated.
- Bogus invoice scheme: when a business that has a long-standing relationship with a supplier is requested to wire funds for invoice payment to an alternate, fraudulent account.
- CEO fraud: when the compromised email account of a high-level executive is used to request a wire transfer to a fraudulent account.
- Account compromise: when an employee of a company has their email account compromised and it’s then used to request repayment of an invoice by a customer to a fraudulent account.
- Attorney impersonation: when victims are contacted by fraudsters identifying themselves as lawyers and are pressured into transferring funds to a fraudulent account.
- Data theft: when fraudulent e-mails are used to request either wage or tax statement (W-2) forms or a company list of personally identifiable information (PII).
BEC is a growing problem even for small businesses
According to the IC3, “the BEC scam continues to grow, evolve, and target businesses of all sizes. Since January 2015, there has been a 1,300 percent increase in identified exposed losses, now totaling over $3 billion.”
Account compromise is the most common type among smaller businesses, since it requires a billing structure that is managed primarily through email. The bottom line: running a small business doesn’t mean you’re not susceptible to BEC.
Tools used to target and exploit victims
Hackers who engage in BEC use a variety of techniques to target and exploit their victims. They include the following:
- Spoofing: using an email address that looks like a legitimate one, so the victim believes the message came from someone it did not.
- Spear phishing: using an email to target a specific individual in a company to obtain confidential information to be used in one of the BEC scenarios.
- Malware: secretly installing malicious software on the victim’s computer to infiltrate a company’s network and gain access to confidential information to be used in the BEC scam.
- Social engineering: using psychological manipulation to get targets to divulge confidential information that will later be used in BEC.
Preventing BEC requires advanced technology
The techniques used to perpetrate BEC can be mitigated with Phish Protection’s advanced phishing technology. To prevent spoofing, Phish Protection creates a customized list of domain names that could potentially be used to spoof your email and adds them to a blocked list so your employees never receive them.
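One way to approach the lookalike-domain blocklist described above, as an added example that is not Phish Protection's own code: it flags sender domains that fall within one edit of the protected domain after folding visually confusable characters. The domain names, the confusable table and all function names are constructed for illustration.

```python
# Constructed, partial confusable table (assumption); production lists are larger.
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s",
               "\u0430": "a", "\u0435": "e", "\u043e": "o",   # Cyrillic a, e, o
               "\u0440": "p", "\u0441": "c"}                  # Cyrillic p, c
MULTI = {"rn": "m", "vv": "w"}  # letter pairs that read as a single letter


def skeleton(domain: str) -> str:
    """Fold visually confusable characters into one canonical form."""
    s = "".join(CONFUSABLES.get(ch, ch) for ch in domain)
    for seq, repl in MULTI.items():
        s = s.replace(seq, repl)
    return s


def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def classify(sender: str, protected: str, max_dist: int = 1) -> str:
    """Return 'exact', 'lookalike' or 'unrelated' for a sender domain."""
    s, p = sender.lower().rstrip("."), protected.lower().rstrip(".")
    if s == p:
        return "exact"
    # Short domains will produce false positives at distance 1; review before blocking.
    if osa_distance(skeleton(s), skeleton(p)) <= max_dist:
        return "lookalike"
    return "unrelated"


def build_blocklist(senders, protected):
    """Lookalike domains to block; the protected domain itself is never listed."""
    return sorted({d.lower() for d in senders if classify(d, protected) == "lookalike"})


# Constructed sample of sender domains seen in inbound mail.
SAMPLE_SENDERS = ["example.com", "examp1e.com", "exampel.com", "exarnple.com",
                  "ex\u0430mple.com", "example.co", "contoso.org"]

if __name__ == "__main__":
    for domain in SAMPLE_SENDERS:
        print(f"{domain!r:22} {classify(domain, 'example.com')}")
```

A lookalike that adds whole words to the name (a longer brand-plus-keyword domain) exceeds the one-edit threshold and needs a separate substring check.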
To prevent malware, Phish Protection scans all email attachments for threats including executable files and files with embedded macros and scripts. Suspicious attachments are quarantined so end users are never given the chance to open them.
Most spear phishing attacks begin with a malicious link embedded in an email. Phish Protection protects against spear phishing by checking all embedded email links. They are checked not only upon arrival, but every time they’re clicked.
Enterprise-class email protection without the enterprise price
For one low monthly price and no per-user fees, Phish Protection’s integrated email security solution protects your employees from business email compromise (BEC) and many other email threats. 24x7. On any device. With features you’d expect in more expensive solutions:
All Plans Come With
- Stops business email compromise (BEC)
- Stops threatening emails before they reach the inbox
- Continuous link checking
- Real-time website scanning
- Real-time alerts to users and administrators
- Checks 6 URL reputation databases
- Protection with settings you control
- Protection against zero day vulnerabilities
- Complete situational awareness from a single web-based console