Business Email Compromise – Phishing, Smishing and Beyond
Human error causes about 90% of cyberattacks. Further, Verizon’s Data Breach Investigations Report of 2019 shows that one in three cybersecurity breaches involves a business email being compromised through a phishing attack.
To put it simply, a phishing attack is when a fraudster poses as a trusted entity and approaches you via email or other social media platforms to steal your data, login credentials, credit card number, or bank details. This social engineering scam has become a deadly weapon and is often referred to as Business Email Compromise (BEC) or Email Account Compromise (EAC).
Business Email Compromise and its Impact
Business email compromise (BEC) is a specialized phishing scam in which an attacker impersonates or compromises an executive’s email account and tries to manipulate an employee or vendor to transfer a large amount of money or share sensitive information.
BEC attacks, which were already on the rise in 2019, got a new boost when the whole world was forced to work remotely due to the pandemic.
The average cost of a BEC attack was about $80,000 in 2020, a 48% increase from 2019’s average. The FBI reported that of all the cyber scams reported in 2019, BEC accounted for half of them, a whopping $1.77 billion in damages out of a total of $3.5 billion.
The key to responding to a BEC attack is speed: the faster the response, the faster the recovery. Our strategic team at Alliant Cybersecurity can help you formalize an immediate and effective response. Response time is also a key parameter when reporting a BEC incident to the IRS/FBI and filing a cyber insurance claim.
Why are BEC Attacks so Damaging?
As opposed to regular phishing or spam mail, BEC emails do not generally have any clickable links or files to download. Instead, they carry specific instructions tailored to the organization, so traditional email filters and standard cyber solutions are often bypassed.
Since a BEC email passes the spam filter, there is a high chance that an unaware employee might respond to the email positively.
Here are a few impersonations and tricks the fraudsters are known to use:
- Most commonly, impersonating a CXO asking for a favor or passing on urgent instructions.
- Impersonating a vendor and raising phony invoices.
- Impersonating an attorney or advisor raising an urgent concern.
- Impersonating the HR or accounts department and requesting tax and banking information that will be used in a future attack.
- Impersonating an employee and reaching out to vendors and suppliers.
How does BEC work?
To deliver these impersonation emails, fraudsters use one or more of the following techniques:
- Domain Spoofing: the attacker forges the display name and sender address of an email so that, to the receiver, the mail looks like it came from a colleague or a trusted vendor.
- Lookalike Domains: the attacker sends mail from domains that look similar to the real domain name to confuse the receiver; for example, example[email protected] can be made [email protected] or [email protected] – [email protected], or two or more letters can be merged, as in [email protected] – [email protected]
- Hacked or compromised accounts: the attacker obtains an employee’s username and password and sends the fraudulent email from the genuine account.
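The first two techniques above leave traces in the From: header that a mail gateway or SOC script can check. The following is an added example (not code from the original article or from Alliant Cybersecurity) that classifies a From: header as trusted, display-name spoofing, lookalike domain, or plain external mail; the trusted domains, known senders and confusable-character table are constructed assumptions for the example.

```python
from email.utils import parseaddr

# Constructed data for this example: the organisation's own domains and the
# people most often impersonated (all names and addresses are invented).
TRUSTED_DOMAINS = {"example.com", "partner-vendor.com"}
KNOWN_SENDERS = {"jane doe": "jane.doe@example.com"}

# Visually confusable character sequences commonly swapped in lookalike domains.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("cl", "d")]


def normalize(domain: str) -> str:
    """Fold lookalike substitutions so 'exarnp1e.com' normalises to 'example.com'."""
    domain = domain.lower()
    for fake, real in CONFUSABLES:
        domain = domain.replace(fake, real)
    return domain


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; catches dropped or added letters ('exmple.com', 'example.co')."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str) -> str:
    """Return 'trusted', 'spoofed-display-name', 'lookalike' or 'external'."""
    display_name, address = parseaddr(from_header)
    domain = address.rsplit("@", 1)[-1].lower() if "@" in address else ""
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    # Display-name spoofing: a known person's name, or one of our own addresses,
    # is shown in the display name while the real sending domain is not ours.
    expected = KNOWN_SENDERS.get(display_name.strip().lower())
    if expected and expected != address.lower():
        return "spoofed-display-name"
    if any("@" + d in display_name.lower() for d in TRUSTED_DOMAINS):
        return "spoofed-display-name"
    # Lookalike domain: equal after confusable folding, or within two edits
    # of a trusted domain (the threshold is a tuning knob for false positives).
    norm = normalize(domain)
    for trusted in TRUSTED_DOMAINS:
        if norm == normalize(trusted) or edit_distance(norm, trusted) <= 2:
            return "lookalike"
    return "external"
```

Anything other than "trusted" is a candidate for quarantine or a banner warning the recipient to verify payment or credential requests out of band.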
Formulating a Plan
Having a response plan in place is of utmost importance. Alliant cybersecurity offers expert consultation to formulate an immediate, short-term, and mid-term response plan in case of a scam.
- Timing: This is the most critical factor. You need a planned timeline for triggering the various actions, including informing all stakeholders: senior management, federal authorities, employees, et al.
- Intimation: It is critical to understand who will take key actions such as containment, recovery, and reporting to the concerned authorities.
- Action: Understand the steps to take to isolate the email or account. These may include changing passwords, informing the employees or relevant teams, creating a backup account, etc.
- Timespan: This may include the tentative time it might take to recover or switch back to normal.
Analyzing a BEC Attack
BEC response must start with an analysis of many parallel processes at once, including legal, finance, business continuity, and forensics to determine the scope of the attack.
A mix of automated robotic processes, AI Tools, and expert analysis should be utilized to:
- Identify the root cause of the attack
- Analyze logs
- Mine data
- Analyze personal and protected files/information for breach
Our experts will not only produce legally compliant documentation but also help you implement solutions to mitigate damage.
Alliant Cybersecurity Advantage
Alliant Cybersecurity will publish an initial report within 24-72 hours with our findings on why, who, what, where, when, and how this attack happened. Our team will also assist you with:
- Selecting tools to secure and strengthen your infrastructure
- Mediating with law enforcement agencies and insurance providers
- Training your workforce to avoid future attacks
Get the Alliant advantage today! Contact us for general consultation or reach out to us on our hotline number for a cyber-emergency.