Business Email Compromise: Risks, trends and defences

Business Email Compromise (BEC) is a specific form of email fraud where criminals target companies. The aim is to trick employees into handing over money or important information. Businesses of all sizes and sectors, and employees in all roles and at all levels, can be affected.

How do business email compromise attacks work?

BEC attacks aim to compromise and exploit business email accounts and messages. Methods such as phishing, malware or social engineering are used. The attackers use a false identity or stolen account to send fake emails to employees, customers or partners. Their aim is usually money or confidential data.

Fraudsters often pretend to be managers, suppliers or other well-known or trusted sources to deceive their victims. In CEO fraud, for example, criminals use the name and therefore the authority of the CEO to order short-term payments or obtain internal company information. Fake invoices or reminders from suppliers, or letters from supposed lawyers or authorities are also popular methods.

The potential damage caused by BEC attacks can be significant and, in addition to high financial losses, can have long-term consequences such as loss of reputation or legal implications.

Trends and challenges of BEC attacks

In the past, phishing attacks were often easy to spot due to many errors or poor imitations. Today, they are often almost perfect and difficult to distinguish from genuine and legitimate emails.

By using automated tools and scripts to carry out large-scale and coordinated BEC campaigns, criminals are increasing their efficiency and success rate. Other campaigns are based on detailed research into the target person and their organisation in order to launch tailored and highly persuasive attacks.

Not least by artificial intelligence and machine learning, translations are perfected, email content is customised and written even more plausibly, and victims are lured onto false trails. Criminals also increasingly use deepfake technologies to falsify the voices or videos of executives to convince employees to disclose sensitive information or carry out financial transactions.

Some Attackers are focusing on specific industries such as financial services, real estate, law firms and healthcare, which are particularly attractive targets due to the sensitive data and large transactions involved. Third-party providers and partner companies are being used to penetrate the networks of their main targets via vulnerabilities.

Another trend is that BEC attackers sometimes stay on an organisation’s network for a long time, gathering information over time and launching multiple attacks before being detected.

Detect and defend against business email compromise

As is often the case, a combination of measures is effective in detecting and preventing Business Email Compromise attacks.

• Training and awareness-raising: Regular and practical training courses help to recognise and report phishing attempts in good time. Simulated phishing attacks can test and improve employees’ vigilance.
• Strong authentication: Strict password policies help to protect the security of email accounts. Multi-factor authentication (MFA) also makes it more difficult for criminals to take over an email account by adding an additional factor that verifies the login to the email account.
• Email filtering and security: Intelligent email security solutions can help organisations detect and report phishing attempts, suspicious activity or identity theft. This includes implementing and monitoring email authentication protocols such as DMARC, DKIM and SPF to prevent attackers from sending emails with spoofed sender addresses.
• Email encryption: The use of email encryption and digital certificates such as S/MIME guarantees the confidentiality and integrity of email content, making it more difficult for attackers to misuse your identity.
• Internal policies: Establish processes in advance to review and confirm payment instructions and changes through multiple channels, such as having a second person or department review each financial transaction.
• Security checks: Always keep your systems and software up to date and install updates immediately. Identify and eliminate vulnerabilities in your systems regularly through internal checks and pentests.
• Monitoring and anomaly detection: Systems for monitoring network traffic and detecting unusual activity, such as EDR (Endpoint Detection and Response) systems, enable early detection of attacks and immediate response.

Conclusion: Business email compromise poses a significant threat to organisations, which can only be effectively addressed through a combination of technical measures and training. As with many cyber security issues, it is important to stay abreast of the latest threats and to adapt and develop security strategies accordingly.

You may also be interested in this:

Passkeys as a secure alternative to passwords

Email encryption protects data and blocks attack vectors

Incident response planning: step-by-step emergency plan for IT security incidents