Business Email Compromise – A Major Threat per FBI
I was a little late getting to my monthly threat webinar due to spring break and other commitments, but that doesn’t mean the topic is not important. For March I wanted to cover the threat known as Business Email Compromise (BEC) which the US FBI issued an alert about last year. Since then the number of businesses that have fallen prey to this threat has grown tremendously and the actors behind it have garnered over $2B in profit.
There are 3 types of attacks associated with BEC including:
The biggest challenge with the CEO Fraud attack is that there typically isn’t any malware associated with this. Socially engineered email is used after the threat actors have done a lot of intelligence gathering of the organization and its employees through their own website and social media. The email does not contain any attachments or embedded URLs and simply attempts to get a financial employee to wire transfer funds to the criminals. This means that most messaging security solutions may struggle detecting these, unless they have specific technologies to address this threat. And based on the profits mentioned above, it seems this threat is making its way into organizations pretty easily.
I cover CEO Fraud and the other attacks above in my recorded webinar but more importantly share some solutions and best practices businesses can do to protect them from this threat. I hope you enjoy the presentation and feel free to leave a comment below if you have any questions or leave me a recommendation for future webinars on what threats you’d like me to cover or follow me on Twitter; @jonlclay.