How to Keep Sensitive Data Safe from Business Email Compromise


Business email compromise (BEC) attacks show no signs of slowing down. Recently, Trend Micro revealed BEC attacks cost businesses $9 billion by the end of 2018. Targets include both large and small firms functioning in a range of vertical industries, which proves adversaries aren’t picky about who they’ll attack.


At its core, business email compromise is an adaptation of social engineering, executed to disrupt an individual’s routine. Someone can say they’re your company’s supplier, talk like one and send emails from a previously used email address and still not be your supplier. Usually, BEC attacks are carried out to steal money from businesses, but now cyber criminals are going the extra mile to design advanced BEC strategies for infiltrating companies of all sizes and stealing their data and other assets.

Conventionally, BEC actors used keyloggers to steal account information and data from target systems. However, most email systems flag executable files inside attachments, as there’s a good chance the attachment contains malware. Hence, hackers have moved to a newer style of BEC email in which they impersonate a senior person and use psychological techniques to get information from their target.

The most crowded rung consists of adversaries who send out legit-looking emails to a broad swathe of personnel in the hope of catching them off guard. The emails are more sophisticated than the Nigerian-entrepreneur-seeking-a-loan scams, and their goal isn’t always to extract funds, but rather information and data that can be sold on the black market.

Fraudsters will do their research on a target organization, scour compromised accounts, examine the potential victim’s routine on social media and read recent company news. With all the necessary information at their fingertips, imposters then establish a way to access a critical layer of information about businesses and their executives in a (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Dan Virgillito.