Für die Suche nach Inhalten geben Sie »Content:« vor den Suchbegriffen ein, für die Suche nach Orten geben Sie »Orte:« oder »Ort:« vor den Suchbegriffen ein. Wenn Sie nichts eingeben, wird in beiden Bereichen gesucht.

 

 

How to Defend Against Business Email CompromiseZoom Button

Informationen zu Creative Commons (CC) Lizenzen, für Pressemeldungen ist der Herausgeber verantwortlich, die Quelle ist der Herausgeber

How to Defend Against Business Email Compromise

How to Defend Against Business Email Compromise

New York, April 30, 2022

iQuanti: Business email compromise is all too common and something that many organizations find themselves fighting against in order to preserve the integrity of their company.

Also known as BEC, business email compromise is not your typical phishing approach but a sophisticated method to stealing information to generate high revenue. Typically, BEC targets organizations that send or receive wire transfers and involve a complex and oftentimes lengthy interception where scammers will insert themselves into the process.

What to Look Out for with Business Email Compromise

When it comes to defending against business email compromise, you'll first need to know what the cyberattack looks like. This scam typically comes down to inserting oneself into your communications in a believable way. 

While other cyberattacks, such as ransomware attacks, go after an organization's network weaknesses, BECs simply rely on their ability to make you believe they are an authentic account. This can be done via tricking an employee into clicking on a faulty link or by creating mock emails with links and misinformation.

A BEC Scenario

If a hacker can gain information from email accounts, they can duplicate the information and monitor activities to intercept or create a new scenario. For example, if someone attempts to carry out a BEC on your organization, they can send your assistant an email with a faulty link while believably impersonating you. With that, they can gain access to your Google Suite and see your employees' and organization's habits. 

If threat actors see that every Tuesday you send a wire transfer to a business partner, they can mimic the colleague's account the Monday before the next transfer and say this week they need the wire transfer to go to a different account. 

Then, your business partner calls on Wednesday saying they never got the money, and you realize that the email address requesting the change had a period in the middle, and the account was offshore and untraceable. 

Now you're out $50,000. This is only one of many BEC scenarios, but illustrates how simple and persuasive BEC can be.

Is Business Email Compromise Easy to Detect?

There is no way to universally prevent BEC because there is no universal way to detect it. Attackers are creative and very believable without the careful attention of all employees involved in business operations. While there is no way to 100% avoid the attacks, there are a few signs that things may be awry, and you can warn your employees to be on the watch for them. 

Verify email addresses, especially if the email uses a different tone than usual, or there are grammar mistakes.

Consider the sender and if the message is a logical request. For example, has this person ever requested a modified payment or new contact method before?

Don't click any email links. Instead, use your web browser to go directly to the website they're indicating and log in.

Preventing a Business Email Compromise Attack

If you want to substantially limit the chance of a business email compromise, there are a few ways you can protect your organization. Here are three steps to consider: 

Recognize what these attacks look like: Being able to detect a compromised message is half of the battle. Everyone involved in business operations should be careful to validate details, check with senior levels for verification, and simply check the email for authenticity.

Adopt a chain-of-command: If there is a process for communications, including a top-down approach, then lower-level employees may be less susceptible to falling for a scammer. If a lower-level employee is unsure of an email, they should be able to inquire with the next level up freely. This means creating a comfortable environment for employees to ask questions and verify information.

Adopt a strong tech guard: While human error is always going to be a threat, an additional layer of technical protection will strengthen your organization. This can mean a strong IT monitoring team, multi- or secondary-authentication methods, passwords, and encryption tools — or preferably, well-equipped internal IT professionals paired with a powerful cybersecurity stack.

Source: iQuanti

Content bei Gütsel Online …

 
Gütsel
Termine und Events

Veranstaltungen
nicht nur in Gütersloh und Umgebung

Dezember 2024
So Mo Di Mi Do Fr Sa
1234567
891011121314
15161718192021
22232425262728
293031
Februar 2025
So Mo Di Mi Do Fr Sa
1
2345678
9101112131415
16171819202122
232425262728
September 2025
So Mo Di Mi Do Fr Sa
123456
78910111213
14151617181920
21222324252627
282930
November 2025
So Mo Di Mi Do Fr Sa
1
2345678
9101112131415
16171819202122
23242526272829
30
Dezember 2025
So Mo Di Mi Do Fr Sa
123456
78910111213
14151617181920
21222324252627
28293031
Februar 2026
So Mo Di Mi Do Fr Sa
1234567
891011121314
15161718192021
22232425262728
September 2026
So Mo Di Mi Do Fr Sa
12345
6789101112
13141516171819
20212223242526
27282930
Oktober 2026
So Mo Di Mi Do Fr Sa
123
45678910
11121314151617
18192021222324
25262728293031
November 2042
So Mo Di Mi Do Fr Sa
1
2345678
9101112131415
16171819202122
23242526272829
30