
Why Are BEC Attacks Something Not to be Ignored?

Anshuman Singh, Senior Director, Product Management, Barracuda Networks

Phishing attacks are one of the most common security challenges that both individuals and companies face in keeping their information secure. Hackers use email, social media, phone calls, or any other form of communication to access corporate or personal data. Ransomware, phishing, and similar cyber threats such as spear phishing/whaling and CEO Fraud/Business Email Compromise (BEC) are the major cybersecurity concerns. Both ransomware and phishing are critical problems that every organization must address through a variety of means: user education, security solutions, vulnerability analysis, threat intelligence, good backup processes, and even common sense.

One of the most prevalent types of cyber fraud is the Business Email Compromise or BEC scam. These attacks have been responsible for billions of dollars in fraud losses over the last few years, and the criminals keep getting better at scamming their victims. A BEC is a form of phishing attack where a cyber-criminal impersonates an executive (often the CEO) and attempts to get an employee, customer, or vendor to transfer funds or sensitive information to the phisher. Criminals use Business Email Compromise (BEC) attacks to obtain access to a business email account and imitate the owner’s identity in order to defraud the company and its employees, customers, or partners. In most cases, scammers focus their efforts on employees with access to company finances or payroll data and other personally identifiable information (PII).

In most cases, BEC attacks try to deceive the recipient into making a wire transfer to a bank account owned by the attacker, while in many of the attacks, the attacker asks the recipient to send personally identifiable information (PII), typically in the form of W2 forms that contain social security numbers. Another important observation is that a large percentage of BEC attacks do not involve a link: the attack is simply a plain text email intended to fool the recipient into making a wire transfer or sending sensitive information. These plain text emails are especially difficult for existing email security systems to catch, because they are often sent from legitimate email accounts, tailored to each recipient, and do not contain any suspicious links. Also, in many of the attacks, the attacker tries to establish rapport with the target by starting a conversation with the recipient (e.g., the attacker will ask the recipient whether they are available for an urgent task). For the “rapport” emails, in the vast majority of cases, once the recipient responds to the initial email, the attacker asks for a wire transfer.
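The traits described above (no link, a wire transfer or W2 request, and a rapport opener followed by the request) can be turned into a simple mail-triage heuristic. The sketch below is an added example, not part of the original article or any vendor's product; the phrase patterns, verdict names, and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

URL_RE = re.compile(r"https?://|www\.", re.I)
# Assumed phrase lists; a real deployment would tune these to its own mail.
REQUESTS = {
    "wire_transfer": re.compile(r"\bwire (transfer|payment)\b|\bbank account\b", re.I),
    "pii_request": re.compile(r"\bW-?2s?\b|\bsocial security\b", re.I),
}
RAPPORT = re.compile(r"\bare you (available|free|at your desk)\b|\burgent (task|request)\b", re.I)

def triage(raw_messages):
    """Return one (verdict, signals, has_link) tuple per message, in order.

    Handles single-part plain text mail only, the form the article describes.
    """
    warmed_up = set()  # senders who already sent a rapport-style opener
    results = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
        signals = sorted(n for n, rx in REQUESTS.items() if rx.search(text))
        has_link = bool(URL_RE.search(text))
        if signals:
            # A request that follows a rapport opener from the same sender
            # matches the two-step pattern and gets the highest priority.
            verdict = "escalate" if sender in warmed_up else "review"
        elif RAPPORT.search(text):
            warmed_up.add(sender)
            signals, verdict = ["rapport"], "watch"
        else:
            verdict = "pass"
        results.append((verdict, signals, has_link))
    return results

# Constructed sample messages (not real mail).
SAMPLES = [
    "From: CEO <ceo@example.com>\nSubject: Quick question\n\nAre you available? I have an urgent task for you.\n",
    "From: CEO <ceo@example.com>\nSubject: Re: Quick question\n\nPlease send a wire transfer of $48,000 to the bank account below today.\n",
    "From: HR <hr@example.com>\nSubject: Tax season\n\nSend me all employee W2 forms as a PDF.\n",
    "From: News <news@example.com>\nSubject: Weekly digest\n\nRead more at https://example.com/digest\n",
]

if __name__ == "__main__":
    for result in triage(SAMPLES):
        print(result)
```

The three flagged samples contain no URL at all, so a filter that only inspects links would pass every one of them.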


Jyoti Gazmer

A Mass Comm. graduate who believes strongly in the power of words. A book lover who dreams of owning a library someday. An introvert, but will become your closest friend if you share mutual feelings about COFFEE. I prefer having more puppies over humans.
