
Cybercriminals are constantly searching for more effective attack methods. While cyber-aware employees can spot the red flags in basic, award-promising email scams, most won’t think twice about clicking on a link sent by their boss.
Business email compromise is a sophisticated social engineering attack meant to deceive victims by impersonating trusted individuals — their colleagues. Unlike traditional phishing scams, these attacks are highly targeted and personalized, relying on broader research about the company, its employees, and even conversations within the organization.
According to the FBI Internet Crime Report, business email compromise was the second most expensive cybercrime by losses experienced, amounting to over $2.7 billion. It has held this position for three consecutive years, and reported losses have not dropped below the $2.7 billion mark.
From a technical standpoint, business email compromise is a very effective attack because it does not require malware, which makes it easier to deploy and lets it go undetected by standard cybersecurity tools.
Cybercriminals typically carry out business email compromise attacks using data available online: they research the company, its departments, and its employees using platforms like LinkedIn. Afterward, they create look-alike domains to impersonate authority figures in the company, such as managers, and craft convincing emails asking for credentials, sensitive data, or wire transfers.
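One defensive check that the look-alike domain technique described above invites is a mail-flow rule that flags senders whose domain is close to, but not, the organisation's own. The Python below is an added example, not code from the original article or from NordStellar; the trusted domain, the substitution table, the edit-distance threshold and the sample addresses are all constructed for illustration.

```python
"""Flag sender domains that look like, but are not, the organisation's own domain."""

# Constructed: the organisation's legitimate domain (an assumption for this example).
TRUSTED_DOMAINS = {"example-corp.com"}

# Constructed table of ASCII characters and digraphs that are commonly swapped in
# look-alike registrations; not exhaustive, extend it for the letters in your domain.
SUBSTITUTIONS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"),
                 ("3", "e"), ("5", "s"), ("7", "t"), ("8", "b")]
MAX_EDITS = 2  # edit distance at or below which a domain counts as a look-alike


def normalize(domain: str) -> str:
    """Fold the substitutions so 'examp1e' and 'exarnple' both collapse onto 'example'."""
    out = domain.lower().strip()
    for bad, good in SUBSTITUTIONS:
        out = out.replace(bad, good)
    return out


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, standard row-by-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address: str) -> str:
    """Return 'trusted', 'lookalike' or 'external' for the domain of an email address."""
    domain = address.rsplit("@", 1)[-1].lower().strip()
    for trusted in TRUSTED_DOMAINS:
        if domain == trusted or domain.endswith("." + trusted):
            return "trusted"  # the real domain or one of its own sub-domains
    # Internationalised (punycode) labels can hide homoglyphs; always send these to review.
    if any(label.startswith("xn--") for label in domain.split(".")):
        return "lookalike"
    norm = normalize(domain)
    for trusted in TRUSTED_DOMAINS:
        # The real domain planted as a leading sub-domain of a different registered domain.
        if domain.startswith(trusted + "."):
            return "lookalike"
        # Close in spelling after folding (tune MAX_EDITS down for very short domains).
        if edit_distance(norm, normalize(trusted)) <= MAX_EDITS:
            return "lookalike"
    return "external"
```

A "lookalike" verdict is a trigger for quarantine or a warning banner and human review, not proof of fraud; legitimate partners with similar names will occasionally be flagged, so keep an allow-list alongside it.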
Attacks that rely only on publicly available data are the more common variant, resembling basic social engineering scams. However, because they target companies rather than individuals, they usually offer cybercriminals the potential for more significant monetary gain.
Even without gaining access to the network, hackers can trick employees into transferring company funds to their controlled accounts, get their hands on confidential data that they can sell to competitors or publish on the dark web, or gather sensitive personal information on employees or clients, resulting in a data leak.
In more advanced cases, cybercriminals utilize the dark web to search for previously leaked employee credentials and use them to access business accounts. Once they have access, they monitor daily conversations, gather more context, and wait for the right time to strike — once the stakes are high or the target is more likely to fall for their scam.
If they manage to infiltrate an account to collect intelligence, hackers may wait for the perfect opportunity to request a wire transfer while impersonating a vendor, or to redirect employee salary payments. However, business email compromise is often a gateway to deploying more damaging attacks.
The first step companies should take to safeguard against business email compromise attacks is to build a comprehensive security strategy and raise employee cybersecurity awareness.
Even the most cyber-aware user can fall victim to business email compromise attacks because they exploit the added layer of trust that comes with impersonating a person of authority in the organization. As a result, businesses should educate their employees on this specific type of attack — what constitutes suspicious activity and how to adopt a better-safe-than-sorry approach. Reinforcing policies and procedures that require written documentation and dual approval wherever sensitive data or wire transfers are involved also helps reduce the chance of employees falling victim to scams.
If employee credentials have been compromised and published on the dark web, companies need to monitor the affected users for suspicious activity, such as unusual log-in attempts. Enforcing multi-factor authentication and resetting the passwords of compromised users can also prevent hackers from infiltrating the network.
For more information, visit nordstellar.com