Business Email Compromise (BEC) Explained 📩

Business Email Compromise (BEC) Explained 📩

Business Email Compromise (BEC) is a form of cybercrime where an attacker uses email to deceive someone into transferring money or revealing confidential company information. Posing as a trusted individual, the fraudster requests payment of a fake invoice or asks for sensitive data for another scam. BEC scams have surged recently, with nearly 20,000 FBI complaints last year, partly due to the rise in remote work.

📌Common Types of BEC Scams

🔹Data Theft

Scammers often target HR departments initially, pilfering information such as employee schedules or phone numbers. This makes other BEC scams more convincing.

🔹False Invoice Scheme

Fraudsters, pretending to be a legitimate vendor, send a counterfeit invoice that closely mimics a real one. They might change one digit in the account number or request payment to a different bank under the guise of an audit.

🔹CEO Fraud

Attackers spoof or hack a CEO's email to instruct employees to transfer money or make purchases. Sometimes they request photos of gift card serial numbers.

🔹Lawyer Impersonation

Here, attackers unlawfully access an email account in a law firm and send clients fake invoices or payment links. Although the email address is valid, the bank account isn't.

🔹Account Compromise

By employing phishing or malware, scammers gain control over an accounts receivable manager’s email and then send fake invoices to suppliers, directing payments to a fraudulent account.

🔹How BEC Scams Operate

1. Scammers research targets and establish fake identities, sometimes creating bogus websites or companies.

2. Once in, they monitor email activity to identify financial transaction patterns.

3. During email exchanges, they impersonate one of the parties, often by subtly altering the email domain.

📌Targets of BEC

🔹BEC scams can target anyone but frequently aim at:

1. Executives and leaders, as their public profiles make impersonation easier.

2. Finance employees who possess critical banking and payment details.

3. HR managers holding sensitive employee records.

4. New or entry-level staff who may not verify an email’s authenticity.

📌Risks of BEC

🔹Successful BEC attacks can lead to:

1. Financial loss ranging from hundreds of thousands to millions.

2. Widespread identity theft if personal data is compromised.

3. Leakage of confidential information like intellectual property.

📌BEC Examples

📨Pay this urgent bill

📨What's your phone number?

📨Your lease is expiring

📨Top-secret acquisition

🔒Tips to prevent BEC

❗Use a secure email solution

Email apps like Office 365 automatically flag and delete suspicious emails or alert you that the sender isn’t verified. Then you can block certain senders and report emails as spam. Defender for Office 365 adds even more BEC prevention features like advanced phishing protection and suspicious forwarding detection.

❗Set up multifactor authentication (MFA)

Make your email harder to compromise by turning on multifactor authentication, which requires a code, PIN, or fingerprint to log in as well as your password.

❗Teach employees to spot warning signs

Make sure everyone knows how to spot phishing links, a domain and email address mismatch, and other red flags. Simulate a BEC scam so people recognize one when it happens.

❗Set security defaults

Administrators can tighten security requirements across the entire organization by requiring everyone to use MFA, challenging new or risky access with authentication, and forcing password resets if info is leaked.

❗Use email authentication tools

Make your email harder to spoof by authenticating senders using Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC).

❗Adopt a secure payment platform

Consider switching from emailed invoices to a system specifically designed to authenticate payments.

📌Microsoft Sentinel + email security

⚠️ Discover the recently released Solution for Business Email Compromise - Financial Fraud provides detection and hunting content to allow you to detect and respond to BEC threats at multiple stages of the attack cycle. In this blog we will discuss each stage of this cycle and how the Solution combines with Microsoft 365 Defender (M365D) to provide comprehensive coverage. To cover this scenario as fully as possible there are 21 Analytic Templates and 19 Hunting Queries across a range of data sources.

Tech community: Fortifying Your Defenses: How Microsoft Sentinel Safeguards Your Organization from BEC Attacks - Microsoft Community Hub

#microsoft #cybersecurity #emailsecurity #microsoftsecurity #siem #xdr #sec #identityprotection #emailprotection #MSPartnerUK