Combatting Business Email Compromise Risks

Featured Image

Table of Contents

  1. An old scam that keeps reinventing itself with new victims. Don’t become one!
  2. Monitoring for anomalous behaviour, both on-premises and in the cloud
  3. Having enough IT Security staff

An old scam that keeps reinventing itself with new victims. Don’t become one!section_1

You’ve probably heard the classic business email compromise (BEC) scam about Nigerian princes who want to deposit money in people’s bank accounts – but first need their prey to send them money to make it all work to plan. It’s an oldie but goldie. Unfortunately, it’s also one that keeps reinventing itself along with another batch of unwitting victims. In fact, it happens so often, BEC scams currently outdo ransomware as the most damaging cyberattack in the world.

In fact, according to the FBI’s Internet Crime Complaint Centre (IC3), in 2020, losses from BEC exceeded $1.8 billion—that’s a fourfold increase since 2016! The number of BEC incidents also rose by 61% between 2016 and 2020. Using tactics that play off real-time world events, such as COVID-19 or the trust of established interpersonal relationships, criminal elements have managed to stay ahead of the good guys with increased sophistication and swiftness.

To protect yourself and your business from these types of attacks, employee education is essential. For example, if someone in your accounts payable department receives an email from a business partner requesting you alter established wire transfer information, be sure your staff are trained to recognize the request as a red flag and confirm directly with their point of contact details of the change. It seems second nature, but when people are busy and working against deadlines, it’s easy to miss a well-disguised ruse.   

From a defence in-depth perspective, it’s also essential to ensure you have a layer of threat detection in place to help identify malicious behaviour, alert of the threat, and inform the correct response and remediation measures. This would include:

Monitoring for anomalous behaviour, both on-premises and in the cloudsection_2

BEC threats rely on looking like normal user activity. With an increase in remote work, companies are relying more on cloud services like Microsoft® Office 365® which puts data into a complex environment that’s often under-protected. Once threat actors can get access to Office 365, getting to the juicy data is just a few clicks away. Traditional perimeter security tools, such as firewalls, aren’t able to monitor suspicious activity in cloud-hosted applications like Office 365, SharePoint, or OneDrive. The same applies to monitoring of your endpoints for suspicious activity. If a threat actor slips past perimeter defence and acquires user credentials, it will be difficult to identify threats that appear as typical activity.

Having enough IT Security staffsection_3

When something nefarious goes down, you need to know immediately. Too many businesses lack the ability to dedicate staff to 24/7 monitoring of their environment. If an alert goes off at 1 a.m., the time lost until someone sees it and makes sense of it could be the difference between defence of the business or catastrophic damage. Managed threat detection and response can be a force multiplier if you are unable to monitor your environment 24/7. 

While there are many aspects to improving your defence in-depth, the following from the FBI act as good and effective tips to share with employees to help elevate everyone’s awareness of how to avoid business email compromise attacks.

To learn more about business email compromise threats and defence against them,  can provide you with guidance, education, and technology to strengthen your security posture. Give us a call and let’s discuss.

Article used with permission from the ConnectWise Partner Program