Cybersecurity Trends – BEC Phishing
Ransomware may be the number one cyber threat, but there is another, newer cyber attack that is not being talked about enough, yet it can cost affected companies millions of dollars and lead to the complete shutdown of their email systems: Business Email Compromise.
Business Email Compromise, or BEC, is an exploit in which the attacker gains access to a corporate email account and spoofs the owner’s identity to defraud the company or its employees, customers or partners of money. Unlike typical phishing attacks that target everyone, BEC specifically targets high-level business executives, such as the CFO or corporate attorney, to initiate a wire transfer.
BEC scams have three main versions:
- The Bogus Invoice Scheme: this scheme involves a business that has an established relationship with a supplier. The attacker then requests a wire transfer for invoice payment to a fraudulent account via spoofed email, telephone, or facsimile.
- CEO Fraud: in this scheme, the attacker pretends to be a high-level executive or attorney who requests a wire transfer to be initiated with instructions to urgently send funds to their bank.
- Account Compromise: in this version, an employee’s email account is hacked and then used to make requests for invoice payments.
Though BEC is not as common as the typical phishing email, an FBI announcement in 2017 confirmed that between October 2013 and December 2016, organizations across 131 countries suffered as many as 40,203 successful BEC attacks, which cost them upwards of $4 billion in total.
Pronto Recovery offers an Alternate Email and Communications solution that will allow companies to maintain the ability to communicate and resume operation in the event that they are not able to access their email system due to a BEC or other cyber-attack.