Protect yourself from Business Email Compromise
The FBI refers to Business Email Compromise as “one of the most financially damaging online crimes.” You can read the FBI’s full synopsis on BEC here.
A recent study suggests that in 2019, 50% of the financial loss suffered by ransomware victims was a result of Business Email Compromise. BEC scams fleeced companies out of a record 26 billion dollars.
Hackers know that BEC is an effective and highly profitable means for them to make serious money. It should be no surprise that the number of BEC-related attacks is expected to increase.
BEC consists of one or all of the following:
- Account Take Over
- Domain Fraud
- Email Rule Modification
Account Take Over
Account take over is where hackers literally take control of an individual email account, or the entire organization’s email portal. With control over the email account, hackers are free to listen in on email conversations. They can also freely inject themselves into the conversation, divert communication to their own email addresses, and keep this communication private.
Account take over can lead to stolen funds, and could even affect outside parties.
Domain Fraud
Domain Fraud can involve hackers registering fake domains that are similar to your company’s domain. For example, if your domain is www.fido.com, an attacker could easily register www.fid0.com. At a glance, www.fido.com and www.fid0.com look very similar.
A hacker would then create email@example.com and send an email from this fake account to firstname.lastname@example.org. If the recipient isn’t paying close attention, they may be led to believe that they received a legitimate email. In reality, a fake email was sent.
Hackers could even set up a fake website, with a similar look to your actual website.
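The look-alike check described above, as an added example (not from the original article): it folds commonly swapped characters and measures edit distance to flag sender domains such as fid0.com that imitate your own. The character map, the one-edit threshold and the function names are assumptions chosen for illustration.

```python
# Added example: flag sender domains that imitate a protected domain.
# The character map and the distance threshold are illustrative assumptions.

# Characters commonly swapped for a similar-looking one (constructed, not exhaustive).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

def normalize(domain):
    """Lower-case the name and drop a trailing dot and a leading 'www.'."""
    d = domain.strip().lower().rstrip(".")
    return d[4:] if d.startswith("www.") else d

def skeleton(domain):
    """Fold look-alike characters so 'fid0.com' and 'fido.com' compare equal."""
    d = normalize(domain)
    for fake, real in CONFUSABLES.items():
        d = d.replace(fake, real)
    return d

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(sender_domain, protected="fido.com"):
    """Return 'legitimate', 'lookalike' or 'unrelated' for a sender domain."""
    sender, own = normalize(sender_domain), normalize(protected)
    if sender == own or sender.endswith("." + own):
        return "legitimate"  # the real domain or one of its subdomains
    if edit_distance(skeleton(sender), skeleton(own)) <= 1:
        return "lookalike"   # homoglyph swap or one-character typo
    return "unrelated"

def check_sender(address, protected="fido.com"):
    """Classify the domain part of an e-mail address."""
    return classify(address.rsplit("@", 1)[-1], protected)

if __name__ == "__main__":
    # Constructed sample senders.
    for addr in ["billing@fido.com", "billing@fid0.com", "ceo@fiido.com", "news@example.org"]:
        print(addr, "->", check_sender(addr))
```

A one-edit threshold will also flag unrelated short domains that happen to be close to yours, so treat a "lookalike" result as a prompt for review rather than proof of fraud.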
Email Rule Modification
Once an attacker has access to your email account, or your company’s email accounts, they will make changes to the email rules. These changes will alter where emails are delivered. In some cases you will be oblivious to these changes. Email rules can be set to forward every email to an outside address.
Unless someone went looking at all of the outbound email, the rule would go undetected. Hundreds if not thousands of emails could be sent off to the hacker’s address and you would never even know it.
Fortunately, there are services that can notify you when email rules are modified, identify suspicious email domains, and alert you to unauthorized logins to your email accounts.
The great news about these services is that they do not involve changing your MX records or modifying where email is routed to. These services can work alongside your existing spam filtering service, and are vital in protecting your Office 365 environment.
If you use Office 365, then you need Office 365 email protection. You need more than simple spam and virus filtering. You need to know if rules are changed, if suspicious emails arrive, and if unauthorized logins occur.
Contact us today at 216-619-2000 opt 3 for a cost-effective solution to prevent Business Email Compromise and see how easy it is to get the protection you need.