Prevent Business Email Compromise: Managed IT Security Services

Technology 06-28-2023

What is Business Email Compromise (BEC)?

Business email compromise (BEC) is a type of cybercrime in which attackers use email to impersonate a high-level executive, like a CEO or other trusted individual, to gain access to sensitive information, and to trick employees into making unauthorized wire transfers or other financial transactions.

How Do BEC Cyberattacks Work?

BEC attacks often involve the attacker compromising an employee’s email account and using it to send fraudulent emails to other employees or to customers. Hackers might also make a slight modification to a legitimate company email or website address to fool people. The emails may request sensitive information, such as login credentials or financial information, or they may instruct employees to make a wire transfer or to purchase gift cards or other items that can be easily converted to cash.

BEC attacks can be difficult to detect, as the emails often appear to come from a trusted source and may use language and formatting that is consistent with the company’s internal communications. This makes it important for businesses to be vigilant in protecting against these types of attacks. Microsoft has observed a 38 percent increase in cybercrime as a service (CaaS) targeting business email between 2019 and 2022.

How to Protect Your Business Against BEC Attacks

Implement Robust Security Measures

Protecting against email account compromises is crucial in preventing BEC attacks. This may include using multi-factor authentication, regularly updating passwords, and using email security software.

Cybersecurity Awareness Training

Because end users are the main target of BEC attacks, it’s critical to implement a cybersecurity awareness training program. As a start, individuals should be taught to spot suspicious emails, especially those that request sensitive information or instruct them to make financial transactions.
They should also know what steps to take if they think they’ve encountered potentially suspicious communication.

Perform a Risk Assessment

For any sort of cybersecurity concern, MSPs should have a full understanding of where potential vulnerabilities are. Performing initial security risk assessments will allow your team to be proactive and minimize the chance of BEC attacks.

Review Technical Controls

Look for signs of anomalous activity within your client’s systems. What kind of activity do you see within, say, Microsoft Office 365 or Google apps? Take the time to spot things such as a new forwarding rule that was recently created, or suspicious logins that might come from a new location you’ve never seen before. Furthermore, make sure your client hasn’t turned multi-factor authentication off. You can go one step further and set up zero-trust network architecture so that no employee can be granted more access than they absolutely need to perform their job.

Need a Hand?

By following these steps to a layered security approach, businesses can help to protect themselves against BEC attacks and other cyber threats. Stay vigilant and stay informed about the latest threats to keep your business secure. In addition, working with a Managed Security Services Provider (MSSP) like Choice Solutions can help your business stay proactive against BEC attacks. Contact us today to see how we can help.
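
The checks listed under Review Technical Controls above (new forwarding rules, logins from a location not seen before, multi-factor authentication being turned off), written out as an added example that is not part of the original article. The event schema, field names, domains and sample events are constructed for illustration; real Microsoft 365 or Google Workspace audit exports use different fields and would need to be mapped to this shape first.

```python
"""Triage mailbox audit events for the BEC warning signs named in the article."""

ORG_DOMAINS = {"example.com"}  # assumption: mail domains the client owns

# Constructed events in a simplified, hypothetical schema (not a vendor log format).
EVENTS = [
    {"time": "2023-06-01T08:02Z", "user": "alice@example.com", "action": "login", "country": "US"},
    {"time": "2023-06-02T03:14Z", "user": "alice@example.com", "action": "login", "country": "NL"},
    {"time": "2023-06-02T03:16Z", "user": "alice@example.com", "action": "forward_rule_created",
     "forward_to": "archive@example.net"},
    {"time": "2023-06-02T09:30Z", "user": "bob@example.com", "action": "forward_rule_created",
     "forward_to": "carol@example.com"},
    {"time": "2023-06-03T11:45Z", "user": "bob@example.com", "action": "mfa_disabled"},
    {"time": "2023-06-03T12:00Z", "user": "bob@example.com", "action": "login", "country": "US"},
]


def review_events(events, known_countries, org_domains=ORG_DOMAINS):
    """Return (time, user, severity, reason) tuples for events worth a second look.

    known_countries maps user -> countries seen in earlier logs. It is copied,
    then extended as events are read, so each new location is reported once.
    """
    seen = {user: set(countries) for user, countries in known_countries.items()}
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):  # same-format ISO strings sort by time
        user, action = ev["user"], ev["action"]
        if action == "login":
            countries = seen.setdefault(user, set())
            if ev["country"] not in countries:
                # A user with no baseline is flagged too, rather than silently trusted.
                findings.append((ev["time"], user, "medium",
                                 f"login from new location {ev['country']}"))
                countries.add(ev["country"])
        elif action == "forward_rule_created":
            domain = ev["forward_to"].rsplit("@", 1)[-1].lower()
            kind, severity = ("internal", "low") if domain in org_domains else ("external", "high")
            findings.append((ev["time"], user, severity,
                             f"new forwarding rule to {kind} address {ev['forward_to']}"))
        elif action == "mfa_disabled":
            findings.append((ev["time"], user, "high", "multi-factor authentication turned off"))
    return findings


if __name__ == "__main__":
    baseline = {"alice@example.com": {"US"}, "bob@example.com": {"US"}}
    for finding in review_events(EVENTS, baseline):
        print(*finding, sep=" | ")
```

Forwarding to an internal address is still reported, at low severity, because the article asks reviewers to notice any recently created forwarding rule.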