Identify and investigate Business Email Compromise (BEC) scamshttps://cybersecureforum.co.uk/wp-content/uploads/2022/02/Varonis-Feb-24th.jpg 960 640 Guest Post Guest Post https://secure.gravatar.com/avatar/cb2a67f15cd7d053d8e638a1df3fd67f?s=96&d=mm&r=g
Business Email Compromise is an email-based phishing attack that specifically targets businesses and organizations to steal money, sensitive information, or account credentials. These attacks can be difficult to prevent as criminals may utilize social engineering techniques such as impersonation and intimidation to manipulate users.
Threat actors will often prepare for BEC attacks by first performing reconnaissance on their targets and uncovering publicly available data such as employee contact information to build a profile on the victim organization. Moreover, BEC attacks often focus on employees or executives who have access to more sensitive information or the authority to make payments on the organization’s behalf.
According to the FBI, there are five major types of BEC scams:
- CEO Fraud: In this scenario, the attacker will pose as the company’s CEO or any executive and send emails to employees, directing them to send money or expose private company information.
- Account Compromise: An employee’s email account has been compromised and is used to send BEC scams to other organizations and contacts from the compromised account.
- Attorney/Tax Impersonation: The cyber-criminal will impersonate an attorney or other representatives from organizations like the IRS to scam employees. These attacks will attempt to pressure employees into acting quickly to avoid “official repercussions”.
- Data Theft: Scammers may target employees in HR or those with access to employee information to obtain sensitive or private data regarding other employees and executives that can be used for future attacks.
- False Invoice Scheme: The attacker will spoof an email from an organization or vendor that the victim works with. This email may contain an invoice requesting payment to a specific account that the attackers control.