{"id":6901,"date":"2021-03-16T21:37:35","date_gmt":"2021-03-16T21:37:35","guid":{"rendered":"https:\/\/www.n-able.com\/?p=6901"},"modified":"2023-07-18T18:00:09","modified_gmt":"2023-07-18T17:00:09","slug":"5-ways-to-prevent-business-email-compromise","status":"publish","type":"post","link":"https:\/\/www.n-able.com\/de\/blog\/5-ways-to-prevent-business-email-compromise","title":{"rendered":"How to Detect and Prevent Business Email Compromise"},"content":{"rendered":"

Business email compromises (BECs) are financial scams that typically target companies and employees that carry out wire transfers. They\u2019re usually more sophisticated than typical\u00a0phishing schemes<\/a>, and require a mixture of impersonation, surveillance, and compromised emails of real business contacts.<\/p>\n

In this article, we\u2019ll look at how BECs work, how to detect BECs, and a few effective strategies managed services providers (MSPs) can use to help their customers prevent BEC attacks.<\/p>\n

How does business email compromise work?<\/h2>\n

Business email compromises are not high-tech scams. They rely on a sophisticated social engineering process to create a sense of authenticity. Instead of attacking vulnerabilities in cybersecurity systems, BECs rely on weaknesses generated by human behavior and interaction.<\/p>\n

BECs usually involve versions of spear phishing and whaling, using social engineering to carry out online attacks. BECs might involve outreach to employees under the guise of communications related to daily operations, or by pretending to be a business contact. But while phishing and whaling scams contact the target directly with fraudulent emails, BECs contact individuals through compromised institutional emails\u2014making them more convincing for the recipient.<\/p>\n

Typically, attackers attempt to gain access to a C-suite executive\u2019s account through phishing, malware, and other means. Once they gain access to the corporate email, they monitor the account to learn the communication habits of the executive, the contours of the business, and how it operates. Often, the attacker will send an urgent email requesting the recipient carry out a financial transaction. Because the communication looks like a routine transfer requested by a senior executive, suspicious activities may go unnoticed.<\/p>\n

Is BEC the same as ransomware?<\/h2>\n

BECs are different from ransomware, although the two sometimes share tactics\u2014and both are becoming increasingly common. Ransomware, or ransom malware, locks users out of their system, which usually contains sensitive information and personal files. Victims are then instructed to pay a ransom in order to restore access.<\/p>\n

Ransomware, like BECs, often use social engineering tactics to make their deliveries seem more credible. Emails may look like they\u2019re sent from colleagues, business contacts, or trusted institutions. Unlike BECs, however, ransomware attacks don\u2019t require the attacker to gain access to corporate accounts to trick the recipient into carrying out financial transfers. Instead, they tend to target the recipient directly. A common form of ransomware is malspam, which delivers\u00a0unsolicited emails<\/a>\u00a0containing rigged attachments or links to malicious websites.<\/p>\n

Can you detect a BEC?<\/h2>\n

While there are no fail-safe ways for detecting BEC attacks, there are common signs your employees can and should watch out for. Scammers rely on access to corporate information to create a sense of authenticity, so employees should always be cautious when reading internal communications from senior management. Common signs of BEC attacks include:<\/p>\n

1. SPELLING AND GRAMMATICAL MISTAKES<\/h3>\n

Emails filled with grammar errors or spelling mistakes should always raise a red flag. When dealing with requests for large financial transactions especially, employees should be suspicious of typos and poorly worded missives. While BEC scams are likely more sophisticated than typical phishing attacks, their messages may still contain typos and grammatical mistakes that help reveal a scam.<\/p>\n

2. SUSPICIOUS EMAILS FROM SENIOR MANAGEMENT<\/h3>\n

By sending emails from C-suite accounts, scammers ensure they gain a psychological advantage over their recipients. When receiving urgent instructions from senior management, employees should reflect whether it\u2019s out of character for a CEO or a CFO to send similar requests, especially if the requests pertain to sensitive information and large financial transactions.<\/p>\n

3. REQUESTS TO BYPASS PROCEDURE<\/h3>\n

Most organizations, especially those that deal with large, time-sensitive financial transactions, will have strict security procedures in place. Employees should beware of requests that demand they bypass standard procedure for any reason, regardless of who they receive the request from. Requests to skip protocol are usually the best indication of an attack, and employees should always double check the source of the communication before carrying out similar requests. When in doubt, it\u2019s best to reach out in person to the C-suite executive the message looks to be from to confirm.<\/p>\n

Finally, organizations should take the time to educate their staff about business email compromises. Update your training tutorials to include the basics of BEC scams, how to recognize them, and establish protocols for responding to scams discovered after the fact.<\/p>\n

How do you guard against business email compromises?<\/h2>\n

While there are no guaranteed ways to prevent employees falling prey to BEC scams, there are steps you can take to make your organization more secure. BECs rely on human fallacies and weaknesses, and you can prevent them by separating duties for carrying out financial transactions among several individuals. This way, you are adding layers of security.<\/p>\n

Additionally, businesses can protect their assets by making their mail security systems more robust in the following ways:<\/p>\n

TWO-FACTOR AUTHENTICATION<\/h3>\n

Since BECs usually require access to a C-suite account, one way to help prevent BECs is to ensure your executive accounts receive the best protections. Using two-factor authentication increases protection against scammers because it requires, in addition to a set of login credentials, access to the account holder\u2019s device. Using a unique dynamic PIN when accessing the account from new devices will make it less likely that scammers are able to obtain access to executive accounts.<\/p>\n

ANTI-SPAM SOLUTIONS<\/h3>\n

Anti-spam solutions can guard against more sophisticated forms of phishing, such as whaling and\u00a0spear phishing<\/a>, and offer ransomware attack protection. But keep in mind that traditional anti-spam solutions are set to recognize falsified emails containing suspicious attachments, and they may have difficulties recognizing emails sent directly from a compromised corporate account. Nevertheless, they\u2019re an essential feature<\/a> for protecting your assets.<\/p>\n

Security software for business emails<\/h2>\n

Advanced security software can provide threat detection and prevention against multiple forms of attacks.\u00a0N‑able\u00ae<\/sup>\u00a0Mail Assure<\/a>\u00a0uses collective threat intelligence and machine learning to guard against BECs, spear phishing, whaling, and ransomware. Mail Assure offers:<\/p>\n