Most people have heard of the classic email scams, often involving Nigerian princes who claim to deposit money into people’s bank accounts, but first, they require the target to send them money to facilitate the process.
It’s a well-known tactic, that unfortunately continues to resurface, catching new victims each time.
The only way to stay safe from these kinds of email attacks is to stay informed.
Business Email Compromise (BEC) scams are all too common and have continued to evolve over the years.
It maintains its core premise but will adapt to trap unsuspecting victims in personalised and novel ways.
This scheme has become so prevalent over the years, that it currently dethrones ransomware as the most destructive cyberattack worldwide.
One suspected reason for this is that cyber security providers, and the software they use is now incredibly efficient, so it’s easier to target people by tricking them, instead of getting through the layers of IT protection.
Back in 2021, BEC-related losses were over $2.4 billion in the US, according to the FBI’s Internet Crime Complaint Centre (IC3).
Perpetrators of these scams will deploy strategies that exploit real-time global events, such as COVID-19, or the trust you have in established personal relationships.
These tactics will let them get the better of their targets, and the sophistication and speed of these scams only make it worse.
Examples of this insidious trend include:
How to Stay Safe:
Security Awareness Training
To ensure that you and your business are protected from attacks like this, prioritising employee education is essential, for example, we provide security awareness training to our client’s staff.
For instance, if a staff member in your financial department receives an email from a purported business partner, requesting alterations to their preestablished digital transaction details, what would they do?
Your team should see this as a red flag straight away and verify the request with the designated point of contact to confirm any changes.
Although this seems intuitive, precautions like this can be overlooked, especially when there are busy schedules and looming deadlines.
Scammers can craft incredibly convincing and personalised disguises when carrying out BEC scams.
Your best bet is to take a multi-faceted defensive stance, it’s crucial to implement threat detection mechanisms alongside staff education.
Mechanisms like these will aid you and your IT team in identifying threats and malicious activities, issuing swift alerts, and guiding appropriate responses and remediation efforts.
This involves monitoring abnormal behaviour, both within on-premises systems and across cloud platforms.
It is also important to recognise that BEC threats will typically mimic regular user actions.
So, given the rise in remote work in recent years, reliance on cloud services like Microsoft Office has grown significantly.
However, these services tend to operate under protected, intricate environments.
If a threat actor were to infiltrate your organisation’s Office 365, accessing valuable data is almost effortless.
Traditional parameter defences, like firewalls, can struggle to monitor suspicious behaviour in cloud-hosted applications, such as Office 365, SharePoint, and OneDrive.
The same applies to endpoint monitoring; if a threat actor bypasses perimeter defences and gets user credentials, any actions they take will seem ordinary to the technology as they have the correct credentials to carry out these tasks, but it is actually a serious threat.
Cyber Security Support
Moreover, maintaining an adequate IT security team is imperative.
If there is a threat, swift action, prevention, and resolution are key.
Unfortunately, many businesses lack the resources to assign staff to 24/7 monitoring of their systems.
Should an alert trigger in the middle of the night, it’s likely that nobody will see it until the working hours the next day.
The delay of notice and comprehension of a threat can determine whether your business successfully defends itself or sustains what can be catastrophic harm.
Managed threat detection and response services, provided by an MSP, can act as force multipliers, especially when continuous monitoring isn’t possible.
Other Safety Tips
As well as all the above strategies, the following guidelines, provided by the FBI, can greatly improve your defences and heighten awareness among employees, helping you fend off BEC attacks:
For a deeper understanding of BEC threats and effective defence strategies, don’t hesitate to contact us for a comprehensive discussion.
Itek provides IT solutions for your entire IT infrastructure. Your business can experience a cost-effective service at a predictable fixed rate, removing the burden from you and your team and freeing you to focus on your goals.