Business Email Compromise (BEC), which is also known as Email Account Compromise (EAC), occurs when an attacker gains access to a victim’s email account and attempts to get them or their contacts to transfer money to accounts the attacker controls. The loss from these scams can measure in the millions of dollars due to the extensive damage an attacker can accomplish by impersonating important employees or executives. They do so not only by committing fraud, but also by disrupting operations and stealing the personal information of the company’s personnel and customers.
The most common BEC targets are employees or company executives who handle finances and transactions because of their authority and access to privileged information. Attackers often gain access by sending phishing emails with malicious attachments that give them access to the victim’s network. Other times, they may simply use brute force to log in with the account’s credentials. An attacker can also research a potential victim’s online presence, such as social media accounts, websites and any publicly available information. The attacker will also go through the email account’s contact information and messages, then craft a spear-phishing email tailored to the recipient to increase the chances that the victim will believe the message and wire money under the guise of a legitimate transaction.
When the attacker compromises an account they can then also insert themselves into conversations with legitimate contacts using spoofed accounts under typosquatted domains, or domains that have been created with only a slight change to the legitimate email address name. For example, if the attacker sees that the compromised account regularly communicates with a john.doe@business.com, the attacker might use john.doe@busness.com. The attacker will then begin sending emails attempting to solicit money transfers while deleting emails from the real John Doe to maintain the ruse.
According to the FBI Internet Crime Complaint Center (IC3), the division received over 19,000 complaints related to BEC in 2020. With an estimated cost of $1.8 billion worldwide, BEC is the largest source of loss for companies for the year. The IC3 also noted that the push for businesses to conduct their operations virtually due to the COVID-19 pandemic allowed BECs to flourish.
To protect against BEC, be vigilant and always verify senders emails addresses, especially if the contact is changing their accounting information or making an urgent payment request; oftentimes scammers rely on people making mistakes when there is an urgent deadline. Setting up multi-factor authentication will help prevent accounts from brute force attempts. If you suspect that an account has been compromised, conducting an audit of the mail server can reveal which accounts have been tampered with. Indicators of tampering can be logins from unusual locations and suspicious mail rules for accounts.
If you believe that your email networks have been tampered with, Redpoint Cybersecurity can provide email server audits and security consulting . Please contact info@redpointcyber.com for more information.