Protecting Against Business Email Compromise (BEC): A Comprehensive Guide

Business Email Compromise (BEC) attacks have emerged as one of the most sophisticated and financially devastating forms of cybercrime. The latest FBI Internet Crime Complaint Center (IC3) annual report attributes $2.7 billion in adjusted losses to BEC in a single year.

These attacks are notoriously difficult to detect because they rely on social engineering rather than malware or malicious URLs: a filter that looks for a payload has nothing to match on, and the message itself is often a plain-text request that would be unremarkable coming from the real sender.

BEC attacks employ a variety of impersonation techniques designed to deceive and manipulate victims. Some of the most common tactics include:

  1. Display-name spoofing: The attacker sets the display name in the "From" header to the name of a trusted contact or executive while the actual address belongs to an unrelated mailbox, often a freemail account. Many clients, especially on mobile, show only the display name, and the message passes SPF, DKIM and DMARC because the sending domain is genuine.
  2. Domain spoofing: The attacker forges the sender address to use the organization's exact legitimate domain. This is the case SPF, DKIM and DMARC were designed to catch, so it mainly succeeds against domains whose DMARC policy is missing or set to "none" and against receivers that do not enforce it.
  3. Lookalike domains: The attacker registers a domain that closely resembles the legitimate one, with an extra character, a transposition, or a similar-looking character substituted, such as replacing an "o" with a "0" (e.g., "yourcompany.com" becoming "y0urcompany.com"). These differences easily go unnoticed by the recipient, and because the attacker owns the domain, the mail can be fully authenticated.
  4. Account compromise: Perhaps the most dangerous tactic, this involves the attacker gaining access to a legitimate email account within the organization. The fraudulent requests then come from the real user's mailbox, pass every authentication check, and sit in existing conversation threads, so detection has to rely on the content and context of the request rather than on the sender.

Recognizing the signs of a BEC attack is essential for prevention. Employees should be vigilant for unusual email requests from high-level executives or familiar contacts, especially if they involve urgent wire transfers, gift card purchases, or changes to payment details, the staple lures of BEC scams. Any such request should be confirmed out of band, by phone to a number already on file rather than one supplied in the email, before money moves or vendor banking details are changed.
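The following Python script is an added example, not code from the original article or from Proofpoint, showing how the four impersonation techniques and the payment-request lures above can be triaged from a raw message. It assumes a hypothetical protected domain (example.com), a hypothetical list of executive names attackers would impersonate, and that the organization's gateway stamps an Authentication-Results header with the DMARC verdict; the four messages are constructed samples.

```python
"""Heuristic BEC triage of inbound mail (added example, not the article's or Proofpoint's code)."""
import re
from email import message_from_bytes, policy
from email.utils import parseaddr

ORG_DOMAIN = "example.com"                 # assumption: the protected domain
EXECUTIVES = {"jane doe", "john smith"}    # assumption: names worth impersonating
# Characters attackers swap into lookalike registrations, mapped back to the original.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def normalize(domain: str) -> str:
    """Undo common visual substitutions so a lookalike collapses onto the real domain."""
    return domain.lower().translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; used to catch one-character additions, deletions, swaps."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess(raw: bytes) -> list[str]:
    """Return the BEC indicators found in one RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    findings = []

    # 1. Display-name spoofing: an executive's name on a mailbox outside our domain.
    if name.strip().lower() in EXECUTIVES and from_domain != ORG_DOMAIN:
        findings.append(f"display-name spoofing: '{name}' sent from {from_domain}")

    # 2. Exact-domain spoofing: From claims our domain but the gateway's DMARC check
    #    did not pass (a missing header is treated as a failure on purpose).
    auth = msg.get("Authentication-Results", "")
    if from_domain == ORG_DOMAIN and "dmarc=pass" not in auth:
        findings.append("domain spoofing: From claims our domain but DMARC did not pass")

    # 3. Lookalike domain: equals ours after undoing character swaps, or one edit away.
    if from_domain != ORG_DOMAIN and (
        normalize(from_domain) == normalize(ORG_DOMAIN)
        or levenshtein(from_domain, ORG_DOMAIN) <= 1
    ):
        findings.append(f"lookalike domain: {from_domain}")

    # 4. Reply-To redirect: replies are steered to a domain other than the apparent sender.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    reply_domain = reply.rpartition("@")[2].lower()
    if reply_domain and reply_domain != from_domain:
        findings.append(f"reply-to mismatch: {from_domain} -> {reply_domain}")

    # 5. The lure itself: urgent payment, gift cards, or a change of banking details.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    if re.search(r"\b(wire transfer|gift cards?|urgent|change.*(bank|payment) details)\b", text, re.I):
        findings.append("payment-request lure in body")
    return findings


# Constructed sample messages, one per technique plus a benign control.
MSG_DISPLAY_NAME = b"""From: Jane Doe <jane.doe.ceo@gmail.com>
To: ap@example.com
Subject: Quick request
Authentication-Results: mx.example.com; dmarc=pass header.from=gmail.com

Are you at your desk? I need an urgent wire transfer processed today.
"""
MSG_LOOKALIKE = b"""From: John Smith <john.smith@exarnple.com>
To: ap@example.com
Subject: Updated bank details
Authentication-Results: mx.example.com; dmarc=pass header.from=exarnple.com

Please change the bank details for our next payment to the account below.
"""
MSG_SPOOF = b"""From: Jane Doe <jane.doe@example.com>
To: ap@example.com
Reply-To: jane.doe@example-ceo.net
Subject: Gift cards for the team
Authentication-Results: mx.example.com; spf=fail dmarc=fail header.from=example.com

Can you buy 10 gift cards and send me the codes? Keep this confidential.
"""
MSG_LEGIT = b"""From: Jane Doe <jane.doe@example.com>
To: ap@example.com
Subject: Lunch
Authentication-Results: mx.example.com; dmarc=pass header.from=example.com

Are we still on for lunch tomorrow?
"""

if __name__ == "__main__":
    for label, sample in [("display-name", MSG_DISPLAY_NAME), ("lookalike", MSG_LOOKALIKE),
                          ("spoof", MSG_SPOOF), ("legit", MSG_LEGIT)]:
        print(label, assess(sample))
```

Note that the display-name and lookalike samples both carry dmarc=pass: authentication tells you the mail really came from gmail.com or exarnple.com, which is exactly why those two techniques are popular, and why the name and domain comparisons have to be done on the receiving side regardless of the DMARC verdict. Account compromise (technique 4) produces none of the header anomalies above and would only trip the lure check, so it remains a case for out-of-band verification.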

Responding to a BEC attack

Despite best efforts, no organization is entirely immune to BEC attacks. If your organization falls victim to one, swift and effective action is necessary, including:

  1. Immediate containment: As soon as a BEC attack is detected, take steps to contain it. This may include disabling compromised accounts and revoking their active sessions, notifying affected parties, and freezing or recalling the financial transactions involved; the sooner the bank is contacted, the better the odds of recovering a wire.
  2. Internal communication: Inform your team about the incident and instruct them on how to identify and report any suspicious emails they may have received. Clear communication can prevent further damage.
  3. Work with law enforcement: Report the incident to the appropriate authorities, such as the FBI's Internet Crime Complaint Center (IC3). Providing detailed information about the attack can help in recovering lost funds and preventing future incidents.
  4. Review and strengthen security measures: After addressing the immediate threat, conduct a thorough review of your security controls. Identify the gaps that allowed the attack to succeed, whether technical (authentication, filtering) or procedural (how payment changes are verified), and implement stronger measures to prevent recurrence.

Stop BEC in its tracks

BEC attacks are a significant threat that requires constant vigilance and a proactive approach to security. By understanding the tactics used by attackers, recognizing the warning signs, and implementing robust security measures, organizations can protect themselves from these costly scams.

Learn how Proofpoint can help you mitigate the threat of BEC at https://www.proofpoint.com/us/products/threat-defense.
