Business Email Compromise attacks are on the rise. This kind of sophisticated cyber attack uses legitimate-seeming emails to convince you or a member of your team to send money or sensitive data.
The best BEC attacks are nowhere near as easy to detect as you might imagine. And for thousands of businesses around the world each year, this is a serious problem.
So, here is everything you need to know about what Business Email Compromise is, some examples of what it looks like, and how to protect your business:
What is Business Email Compromise?
Business Email Compromise or BEC is a type of cybercrime involving a carefully crafted fraudulent email that tries to trick your team member into approving a financial transfer or offering sensitive business information.
The most important thing to realise about BEC is that these emails may appear completely legitimate. They don’t contain malware or have any dodgy links to click on. What’s more:
- They’re designed to target specific, named individuals within your business
- They contain specific personal details to increase that sense of legitimacy
- They may impersonate someone the target corresponds with regularly
- Or someone in authority within the organisation (possibly you)
- The request may be quite mundane – to pay a supplier or service charge, for example
Why are BEC attacks particularly dangerous?
- They seem legitimate – they may spoof the email domain of someone you or your team member normally speaks to. They may even come from a legitimate email account that has been compromised.
- They don’t trip DMARC checks – Domain-based Message Authentication, Reporting, and Conformance stops emails that come from unauthorised domains. This doesn’t work on BEC (sometimes because they are from a legitimate source).
- They don’t lead to spikes in traffic – BEC attacks work partially because they are one-off, natural-seeming communications. There are no big spikes in email traffic to alert filters.
An example of a Business Email Compromise attack
A simple example of a BEC attack email (adjusted for explanatory purposes) might look something like this:
From: [email protected]
Subject: Urgent attention needed for Our Regular Supplier
Hi Tim,
I was just notified that the usual £1500 payment to Our Regular Supplier hasn’t gone through. Please send it again. The account details should be XX-XX0XX.
PLEASE DO THIS ASAP. Needless to say, we don’t want to put this relationship in jeopardy,
I’m going to be out of touch for the next few hours, but I’ll email you later to check. It definitely needs to have been done by COB today.
Thanks,
Your boss, Phil
What do BEC attack-style emails have in common?
Let’s break this example down to identify some key elements that tend to run through all BEC attack-style emails:
- Sender has authority – they could be from the head of accounts or the CEO.
- Seems legitimate – they appear to have come from the email address of the “boss” and may even look like an email from them.
- Underlines urgency – it may literally say it’s an urgent request. Or use words like “important”, “now”, “soon”, or – in this case – “ASAP”.
- Appears justified – even if this is an unusual request, the email will have some kind of justification as to why it is necessary for business reasons.
- Specific orders – usually a specific amount, a named bank account or email address, and other details will be included.
- An unreachable sender – the attacker does not want questions. There will usually be some reason given – often, sheer urgency – why the target should simply follow orders and not reply (or double-check the request with someone else).
How to prevent Business Email Compromise
1) Know what data is out there
Attackers are able to personalise BEC attack-style emails because they scoop data from other sites, such as:
- Private websites
- Your social media accounts
- Other information available about you and your business online
This means it’s smart to assess what data about you is available out there and potentially change security settings to restrict it.
You should also consider anything posted about you or your business online that may provide information about you that an attacker could use to personalise an email.
2) Consider your usual working practices
Your standard working practices around financial matters should make it a little more obvious when something is happening that’s outside of the ordinary.
If an email appears that’s not usual, it might be reasonable to immediately treat it as suspicious. Consider following up via non-email-related means if possible.
You should also flag suspicious emails for your internal IT department or Managed Service Provider to check.
3) Watch out for orders from “high ranking individuals” and urgency
The classic Business Email Compromise attack comes from someone purporting to be a high-ranking member of your organisation ordering a payment of a specific value to a specific account. It also includes an urgent push to action.
Any email that fits this bill is potentially suspect. If you or your team receives one, double-check the sender’s name and email address and take the actions above.
You might also look at the logos and other graphics in the email. Are they legitimate? Or simply very similar to the real thing?
The best way to prevent Business Email Compromise attacks
You might have an in-house IT department or a Managed Service Provider constantly watching your organisation’s cybersecurity.
Either way, getting them to provide training to your team about what BEC is and how to prevent it is a good phase one.
If the worst should happen, having experts ready to step in and act is vital too. Fast action in these circumstances could save you a lot. Up to and including your business.
Want to know how Managed Service Providers like Dial A Geek protect your business from BEC?
Let’s talk about it. Over 1000 businesses in Bristol and the UK trusted us with their cybersecurity.
Walk through your situation with Chief Geek Gildas Jones today when you book a cost and commitment-free chat.
ALL ARTICLES