The proportion of email-delivered attacks has reached a record of 86% of all file-based in-the-wild attacks, compared to web-based attacks, according to the latest 2023 cyber security report. Cybercriminals are increasingly using various types of archive file formats to conceal malicious payloads. Business email compromise (BEC) is one of the most damaging and expensive types of phishing attacks in existence. While ransomware tends to attract more notoriety, BEC-related scams totalled $2.7 billion in 2022, compared to $34 million for ransomware, according to the FBI. BEC attacks have become more sophisticated over time and target large and small companies and organizations in every U.S. state and more than 150 countries worldwide. The latest form of BEC attack, BEC Firm Impersonation, uses legitimate services like PayPal and Google Docs to gain access to inboxes.
To protect against BEC attacks, you may take one of the following precaution steps:
- Anti-Phishing Protections: Since BEC emails are a type of phishing, deploying anti-phishing solutions are essential to protecting against them. An anti-phishing solution should be capable of identifying the red flags of BEC emails (like reply-to addresses that do not match sender addresses) and use machine learning to analyse email language for indications of an attack.
- Employee Education: BEC attacks target an organisation’s employees, making email security awareness training vital for cybersecurity. Training employees on how to identify and respond to a BEC attack is essential to minimising the threat of this form of phishing.
- Separation of Duties: BEC attacks try to trick employees into taking a high-risk action (like sending money or sensitive information) without verifying the request. Implementing policies for these actions that requires independent verification from a second employee can help to decrease the probability of a successful attack.
- Labelling External Emails: BEC attacks commonly try to impersonate internal email addresses using domain spoofing or lookalike domains. Configuring email programs to label emails coming from outside of the company as external can help to defeat this tactic.
24 March 2023
