How to Defend Against Business Email Compromise

New York, April 30, 2022

iQuanti: Business email compromise is all too common and something that many organizations find themselves fighting against in order to preserve the integrity of their company.

Also known as BEC, business email compromise is not a typical mass phishing campaign but a targeted, sophisticated method of stealing money or sensitive information. BEC typically targets organizations that send or receive wire transfers and involves a complex, often lengthy interception in which scammers insert themselves into an existing business process.

What to Look Out for with Business Email Compromise

When it comes to defending against business email compromise, you'll first need to know what the attack looks like. This scam typically comes down to an attacker inserting themselves into your communications in a believable way.

While other cyberattacks, such as ransomware, go after weaknesses in an organization's network, BEC relies on the attacker's ability to make you believe a message comes from a legitimate account. This can be done by tricking an employee into clicking a malicious link that harvests their login, or by sending spoofed or lookalike emails that carry misleading instructions.

A BEC Scenario

If an attacker gains access to an email account, they can read its contents and quietly monitor activity until they find a process to intercept or a new scenario to create. For example, someone carrying out BEC against your organization might send your assistant an email with a malicious link while believably impersonating you. With the credentials that link harvests, they can log in to your Google Workspace account and observe your employees' and organization's habits.

If the threat actors see that every Tuesday you send a wire transfer to a business partner, they can impersonate the partner's account the Monday before the next transfer and say that this week the wire needs to go to a different account.

Then your business partner calls on Wednesday saying they never received the money, and you realize the email requesting the change came from a lookalike domain with an extra period in the middle, and that the receiving account was offshore and the funds are very hard to recover.

Now you're out $50,000. This is only one of many BEC scenarios, but it illustrates how simple and persuasive BEC can be.

Is Business Email Compromise Easy to Detect?

There is no single control that prevents BEC, because there is no single signal that reliably detects it. Attackers are creative and convincing, and without the careful attention of everyone involved in business operations a well-crafted request will get through. While no measure avoids these attacks 100% of the time, there are a few signs that something may be wrong, and you can warn your employees to watch for them.

Verify the sender's actual email address, not just the display name, especially if the email uses a different tone than usual or contains grammar mistakes. Look for lookalike domains with an extra dot, a swapped letter, or a digit standing in for a letter.

Consider the sender and whether the message is a logical request. For example, has this person ever asked to change payment details or contact methods before? Confirm any change to bank or payment details by phone, using a number you already have on file rather than one given in the email.

Don't click links in the email. Instead, type the website's address into your browser or use a saved bookmark, then log in.
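The checks above can be partly automated. The following is an added example written for this article, not code from iQuanti or from any product it mentions: it takes a simple message record, compares the sender's domain against a constructed allow-list of partner domains, flags lookalike domains of the kind in the scenario (an inserted period, a digit standing in for a letter, a one-character typo), flags a Reply-To pointing somewhere other than the sender, and looks for payment-redirection language. The partner domains, phrases, and sample messages are all constructed for the example.

```python
"""Flag business email compromise indicators in a message record.

Added example, not the article's own code. The allow-list, phrase list
and sample messages below are constructed for illustration.
"""
import re
from difflib import SequenceMatcher
from typing import Optional

# Constructed allow-list: domains of partners you actually pay.
TRUSTED_DOMAINS = {"acmepartners.com", "northwind.example"}

# Phrases that commonly accompany a request to redirect a payment.
PAYMENT_PHRASES = (
    "different account", "new account", "updated bank", "new bank",
    "change the account", "wire transfer", "routing number",
)

# Characters attackers swap for visually similar ones in lookalike domains.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": ""})


def domain_of(address: str) -> str:
    """Return the lower-cased domain of 'Name <user@host>' or 'user@host'."""
    match = re.search(r"@([A-Za-z0-9.-]+)", address)
    return match.group(1).lower() if match else ""


def normalize(domain: str) -> str:
    """Collapse the tricks the scenario relies on: an inserted period
    (acme.partners.com), digit homoglyphs (acmepartner5.com), 'rn' for 'm'."""
    return domain.translate(HOMOGLYPHS).replace("rn", "m").replace(".", "")


def lookalike_of(domain: str) -> Optional[str]:
    """Return the trusted domain this one imitates, or None if the domain is
    itself trusted or is unrelated. Exact allow-list hits are never flagged."""
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        if normalize(domain) == normalize(trusted):
            return trusted
        # Catch one-character edits (acmeparnters.com) the homoglyph table misses.
        if SequenceMatcher(None, domain, trusted).ratio() >= 0.9:
            return trusted
    return None


def assess(message: dict) -> list:
    """Return the BEC indicators found in a record with keys 'from',
    'reply_to' (may be empty) and 'body'."""
    findings = []
    sender = domain_of(message["from"])
    reply_to = domain_of(message.get("reply_to", ""))

    imitated = lookalike_of(sender)
    if imitated:
        findings.append(f"sender domain {sender} looks like trusted {imitated}")

    # Replies silently diverted to a domain the real partner does not control.
    if reply_to and reply_to != sender:
        findings.append(f"reply-to domain {reply_to} differs from sender {sender}")

    body = message["body"].lower()
    hits = [p for p in PAYMENT_PHRASES if p in body]
    if hits:
        findings.append("payment-change language: " + ", ".join(hits))
    return findings


def is_high_risk(message: dict) -> bool:
    """The combination from the scenario: an impersonated or diverted sender
    plus a request to move money somewhere new. Either alone is a warning;
    both together should hold the transfer until it is verified by phone."""
    findings = assess(message)
    spoofed = any("looks like" in f or "reply-to" in f for f in findings)
    payment = any("payment-change" in f for f in findings)
    return spoofed and payment


# Constructed sample messages, not real mail.
SAMPLES = {
    "legit": {"from": "Jane Doe <jane@acmepartners.com>", "reply_to": "",
              "body": "Invoice for this week attached, same account as usual."},
    "lookalike": {"from": "Jane Doe <jane@acme.partners.com>", "reply_to": "",
                  "body": "This week please send the wire transfer to a different account."},
    "divert": {"from": "Jane Doe <jane@acmepartners.com>",
               "reply_to": "Jane Doe <jane.acme@webmail.example>",
               "body": "Can you confirm the invoice total?"},
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(name, "HIGH RISK" if is_high_risk(msg) else "review", assess(msg))
```

The allow-list is the important design choice: the check only fires for domains that resemble partners you already pay, so it produces few false alarms and no alarm at all for an exact match. It is an aid to the human checks above, not a replacement for calling the partner on a known number before changing where money goes.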

Preventing a Business Email Compromise Attack

If you want to substantially limit the chance of a business email compromise, there are a few ways you can protect your organization. Here are three steps to consider: 

Recognize what these attacks look like: Being able to detect a compromised message is half of the battle. Everyone involved in business operations should be careful to validate details, check with senior levels for verification, and simply check the email for authenticity.

Adopt a chain-of-command: If there is a process for communications, including a top-down approach, then lower-level employees may be less susceptible to falling for a scammer. If a lower-level employee is unsure of an email, they should be able to inquire with the next level up freely. This means creating a comfortable environment for employees to ask questions and verify information.

Adopt a strong tech guard: While human error will always be a risk, an additional layer of technical protection strengthens your organization. This means an IT team that monitors email accounts, multi-factor authentication on those accounts so a stolen password alone is not enough, email authentication (SPF, DKIM and DMARC) so that spoofed messages are rejected, alerts on new mailbox forwarding rules, and encryption tools where appropriate, or preferably, well-equipped internal IT professionals paired with a capable cybersecurity stack.