How Business Email Compromise (BEC) Works
Rather than using a very general pretext designed to fool a large number of users, this particular attack is targeted directly at an individual or small group.
A BEC attack relies upon the ability to look like someone with power within a company or a trusted external partner. An attacker can accomplish this in a few different ways, including:
- Domain Spoofing: Sender address verification is not built into the email protocol (SMTP) by default. This means that an attacker can fake the display name and sender address of an email to make it look like it came from inside the company or a trusted vendor. SMTP also allows the sender to specify a separate reply-to address, so the attacker can ensure that any responses go to them rather than to the person being impersonated.
- Lookalike Domains: Lookalike domains are designed to take advantage of characters that can be easily confused. For example, the domains company.com and cornpany.com look similar enough that they could fool someone not paying attention.
- Compromised Accounts: If an attacker has access to a legitimate account, they can use it in a BEC attack. This adds a level of authenticity because the email is actually coming from a trusted address.
A BEC attack takes advantage of a seemingly legitimate email address to trick the recipient into taking a certain action. The most common goal of a BEC attack is to convince the target to send money to the attacker while believing that they are performing a legitimate, authorized business transaction.
How to Protect Against BEC Attacks
A successful BEC attack can be extremely costly and damaging to an organization. However, these attacks can be defeated by taking a few simple email security precautions, including:
- Anti-Phishing Protections: Since BEC emails are a type of phishing, deploying an anti-phishing solution is essential to protecting against them. An anti-phishing solution should be capable of identifying the red flags of BEC emails (like reply-to addresses that don’t match sender addresses) and of using machine learning to analyze email language for indications of an attack.
- Employee Education: BEC attacks target an organization’s employees, making email security awareness training vital for cybersecurity. Training employees on how to identify and respond to a BEC attack is essential to minimizing the threat of this form of phishing.
- Separation of Duties: BEC attacks try to trick employees into taking a high-risk action (like sending money or sensitive information) without verifying the request. Implementing policies that require independent verification from a second employee before such actions are taken can help to decrease the probability of a successful attack.
- Labeling External Emails: BEC attacks commonly try to impersonate internal email addresses using domain spoofing or lookalike domains. Configuring email programs to label emails coming from outside of the company as external can help to defeat this tactic.
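The following Python script is an added example, not code from the original article or from any Check Point product. It shows what the mail-side checks described above look like in practice: it parses a message's headers, flags a sender domain that is a lookalike of a trusted domain (the cornpany.com case from the attack section), flags a reply-to address whose domain differs from the sender's, detects a display name that claims an internal address while the real sender is external, and prepends an external label to the subject. It assumes company.com is the organisation's own domain and vendor.example a trusted partner; the three messages are constructed for the example.

```python
"""Header checks for common BEC indicators (added example, standard library only)."""
from email import message_from_string
from email.utils import parseaddr
from typing import Optional
import re
import unicodedata

# Constructed assumption: the organisation's own domain and one trusted vendor.
INTERNAL_DOMAINS = {"company.com"}
TRUSTED_DOMAINS = INTERNAL_DOMAINS | {"vendor.example"}

# Visually confusable sequences folded to one canonical form
# (a simplified version of the Unicode "skeleton" idea).
_MULTI_CONFUSABLES = {"rn": "m", "vv": "w", "cl": "d"}
_SINGLE_CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "8": "b"})


def skeleton(domain: str) -> str:
    """Lower-case, strip accents, and collapse confusable characters."""
    folded = unicodedata.normalize("NFKD", domain.lower())
    folded = "".join(c for c in folded if not unicodedata.combining(c))
    folded = folded.translate(_SINGLE_CONFUSABLES)
    for seq, rep in _MULTI_CONFUSABLES.items():
        folded = folded.replace(seq, rep)
    return folded


def lookalike_of(domain: str) -> Optional[str]:
    """Return the trusted domain that `domain` imitates, or None.
    A domain that is itself trusted is never reported as a lookalike."""
    if domain in TRUSTED_DOMAINS:
        return None
    target = skeleton(domain)
    for trusted in TRUSTED_DOMAINS:
        if skeleton(trusted) == target:
            return trusted
    return None


def label_subject(subject: str, external: bool) -> str:
    """Prepend an [EXTERNAL] tag for mail that did not originate internally."""
    if external and not subject.startswith("[EXTERNAL]"):
        return "[EXTERNAL] " + subject
    return subject


def analyze(raw_message: str) -> dict:
    """Run the BEC header checks over one RFC 822 message and report findings."""
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    reply_domain = reply_addr.rpartition("@")[2].lower()

    findings = []
    external = from_domain not in INTERNAL_DOMAINS
    if external:
        findings.append("external-sender")

    mimicked = lookalike_of(from_domain)
    if mimicked:
        findings.append(f"lookalike-domain:{from_domain}->{mimicked}")

    # Replies silently redirected to a different domain than the visible sender.
    if reply_addr and reply_domain != from_domain:
        findings.append(f"reply-to-mismatch:{reply_domain}")

    # Display name contains an internal address, but the real sender is external.
    claimed = re.search(r"@([A-Za-z0-9.-]+)", from_name)
    if external and claimed and claimed.group(1).lower() in INTERNAL_DOMAINS:
        findings.append(f"display-name-impersonation:{claimed.group(1).lower()}")

    return {
        "from": from_addr,
        "reply_to": reply_addr,
        "external": external,
        "findings": findings,
        # An external sender on its own is informational; the other findings are red flags.
        "suspicious": any(f != "external-sender" for f in findings),
        "subject": label_subject(msg.get("Subject", ""), external),
    }


# Constructed sample messages (not real traffic).
SAMPLE_INTERNAL = """From: Jane Doe <jane.doe@company.com>
To: accounts@company.com
Subject: Q3 forecast

See attached."""

SAMPLE_BEC = """From: Jane Doe <jane.doe@cornpany.com>
Reply-To: jane.doe.ceo@webmail.example
To: accounts@company.com
Subject: Urgent wire transfer

Please process the attached invoice today."""

SAMPLE_SPOOFED_NAME = """From: "jane.doe@company.com" <random123@webmail.example>
To: accounts@company.com
Subject: Quick favour

Are you at your desk?"""

if __name__ == "__main__":
    for sample in (SAMPLE_INTERNAL, SAMPLE_BEC, SAMPLE_SPOOFED_NAME):
        print(analyze(sample))
```

The lookalike check deliberately compares folded "skeletons" rather than raw strings, so cornpany.com, c0mpany.com and an accented variant all collapse onto company.com; a production filter would use the full Unicode confusables table and would also verify SPF, DKIM and DMARC results, which this example does not touch.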
Check Point Harmony Email & Office provides protection against BEC attacks and data loss prevention. To see Harmony Email & Office in action, you’re welcome to schedule a free demo.