SBN

How to Prevent BEC With Email Security Features

Business email compromise (BEC) has bilked unsuspecting institutions around the world for more than $9 billion dollars. A whopping two-thirds of these attacks are initiated via email. Therefore, it is imperative =your company have a fortified front. In this article, we will discuss how to prevent BEC with email security features.

What is Business Email Compromise?

BEC is a type of phishing, but it is more dangerous. This is because thieves take extra time to get to know the company they are targeting. They’ll scour social media feeds and even use information listed on the company website to better impersonate an executive.

Then, if they haven’t broken into the network itself through a phishing attempt, they’ll pose as an executive and send an email, sometimes from a domain that looks similar to one tied to the business (i.e., @your-company.com instead of @yourcompany.com). In the email, they’ll casually request a wire transfer or access to W-2 forms, another popular target. Unwitting employees quickly reply, losing money or information in the blink of an eye.

The problem with catching and preventing BEC scams is there are often no red flags used in standard email protection. Since there are no images, trigger words or malicious attachments, a traditional anti-spam software program, while still important, is of little use.

Five Email Security Features That Will Help Prevent BEC Attacks

To maximize protections against BEC, you should be sure your system includes these additional security features.

  1. Dual authentication: Dual authentication involves confirming email sign ins from two separate systems, e.g., your desktop and a smartphone. Users that sign in to the desktop application are sent an SMS message with a temporary code that must be inputted before login is complete. This extra step can prevent breaches when the hacker (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Chris Sienko. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/aeI3J0A15zc/