Business Email Compromise (BEC), also known as Imposter Email or CEO fraud, is an evolving threat designed to make victims believe they are transferring money or data to an external supplier, business executive, attorney or broker when they are in fact being swindled by cyber-criminals, who will often even follow up with an impersonator’s phone call to ensure transactions are seen through.
A Business Email Compromise scam will typically ask the recipient for either a transfer of money or for confidential information such as W2 forms. These threats are highly targeted and rely on social engineering rather than malware, meaning that such “Imposter Emails” often evade security solutions that look only for malicious content or behavior. At its heart, BEC fraud is a simple con or deception perpetrated on a broad scale. Criminal organizations use legal, linguistic, hacking and social expertise to trick key actors out of the transfers they seek.
With our email security solutions, we provide a high level of protection for small and medium-sized businesses, using machine learning technology to protect you from Business Email Compromise. Because BEC attacks are often layered, our solution also provides protection across as many layers as possible. This requires understanding that attacks can come not only from imposters “within” an organization, but also from spoofed lawyers, accountants, suppliers, vendors or any other party a target is familiar with and comfortable conducting major transactions with.
Business Email Compromise is a unique type of phishing email that is driven not by gaining credentials or using malicious links and malware to uncover information, but by simple social engineering and misleading email tactics to divert funds or information from high-authority targets. With Vircom’s leading phishing protection and prevention, you’ll have peace of mind in knowing your employees will be protected from phishing emails and the variety of tactics they use.
New Business Email Compromise attempts often follow a pattern where the email is from a local domain to a local domain, but with a non-local reply-to address. A good filter will spot these, particularly if it includes Domain-Based Message Authentication, Reporting & Conformance (DMARC) to prevent spoofed emails from reaching users. A great email filter will also include Advanced Threat Protection (ATP) that provides signature-based detection (an important safeguard) while also catching irregular behavior and likely malicious emails.
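The local-to-local pattern with a non-local reply-to described above can be checked from message headers alone. The sketch below is an added example, not Vircom's filter code; `LOCAL_DOMAINS`, the function names and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumption: the organization's own mail domains (placeholder value).
LOCAL_DOMAINS = {"example.com"}

def header_domains(msg, name):
    """Lower-cased domains of every address found in one header."""
    pairs = getaddresses([str(v) for v in msg.get_all(name, [])])
    return {a.rsplit("@", 1)[1].lower().rstrip(".") for _, a in pairs if "@" in a}

def is_local(domain):
    """True for a local domain or any of its subdomains."""
    return any(domain == d or domain.endswith("." + d) for d in LOCAL_DOMAINS)

def external_reply_to(raw_message):
    """Return non-local Reply-To domains on local-to-local mail, else []."""
    msg = message_from_string(raw_message)
    senders = header_domains(msg, "From")
    rcpts = header_domains(msg, "To") | header_domains(msg, "Cc")
    if not senders or not all(is_local(d) for d in senders):
        return []          # header From is not local: different pattern
    if not any(is_local(d) for d in rcpts):
        return []          # outbound mail, not local-to-local
    return sorted(d for d in header_domains(msg, "Reply-To") if not is_local(d))

# Constructed sample messages (only the headers matter here).
SAMPLES = {
    "spoofed_exec": (
        'From: "Pat Lee" <ceo@example.com>\n'
        "To: payables@example.com\n"
        "Reply-To: ceo@examp1e-office.test\n"
        "Subject: Wire today\n\nAre you at your desk?\n"),
    "normal_internal": (
        "From: hr@example.com\nTo: staff@example.com\n"
        "Reply-To: hr@mail.example.com\nSubject: Holidays\n\nSee calendar.\n"),
    "no_reply_to": (
        "From: it@example.com\nTo: staff@example.com\nSubject: Patch\n\nTonight.\n"),
    "external_vendor": (
        "From: billing@vendor.test\nTo: payables@example.com\n"
        "Reply-To: ar@vendor-billing.test\nSubject: Invoice\n\nAttached.\n"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        hits = external_reply_to(raw)
        print(f"{label:16} {'FLAG ' + ', '.join(hits) if hits else 'ok'}")
```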
DMARC authentication can serve to filter out many imposter emails, and publishing a policy can increase this protection from “internal” imposters while also ensuring that outbound email properly represents a company’s brand. Up to 75% of BEC attacks use reply-to spoofing and some other tactics that can be stymied by DMARC. Publishing a Sender Policy Framework (SPF) record, a requirement for publishing a DMARC policy, also helps reduce certain variants of email spoofing by ensuring that only valid domains are authorized to send emails on one’s behalf. With increased DMARC adoption, businesses can add even more capability in preventing BEC and in reducing their vulnerability to other spoofed messages from both within and without their domains.
Business Email Compromise is a growing threat to businesses of all sizes that will cost billions of dollars in the years to come. Request a demo to discover more about what it takes to prevent BEC fraud from imposing costs on your business.