You Would Never Know If You Were a Victim of Business Email Compromise!
A business email compromise is the silent cyber killer. Are you in danger?
Business email has been around for over 40 years, and attempts to break into email accounts have been around almost as long. As the volume of messages sent each day increases (from 270 billion five years ago to 330 billion today), so do the frequency and sophistication of BEC scams. A business email compromise (BEC) attack is one of the worst offenders.
So, what is a BEC scam?
BEC is a sophisticated form of social engineering in which attackers send messages that appear to come from corporate executives. The purpose of this form of phishing attack is to dupe the victim into wiring money to the attacker’s account.
Once an attacker begins submitting phony payment requests, detecting them becomes extremely difficult. Preventing the attacker from gaining access in the first place is therefore the better approach. Cyber thieves exploited cloud-based email systems to steal more than US$2 billion from US businesses in 2020, with half of the instances linked to business email compromise scams. Two-thirds of BEC scams targeted cloud-based email systems, with 98 percent of them aimed at Office 365 vulnerabilities.
What is the process of a business email compromise attack?
Many firms introduced conditional access restrictions to safeguard their networks from phishing attacks when employees worked from home during the peak of the pandemic. Even with a stolen or guessed password for a valid user, an attacker could only log in from a permitted location, as indicated by their IP address. Conditional access controls stopped almost half of the BEC threats detected in 2021. The rest used VPNs to disguise the attackers’ physical location and get around the rules. Researchers have seen a 50% increase in the use of VPNs and hosting providers to access hacked accounts since 2019.
Last year, one out of every ten attackers managed to get through weak multi-factor authentication (MFA) defenses, either by accessing mailboxes over legacy protocols that don’t support MFA or by using phishing attacks to trick victims into visiting counterfeit Okta or OneLogin authentication pages. The attacker then completes a classic man-in-the-middle attack, gaining access to the account by passing the stolen authentication codes on to the legitimate Okta or OneLogin pages.
Some BEC Scam Examples
Business email compromise scams have harmed even firms with strong security processes. Employees of two of the most well-known software firms were victims of the most widely publicized BEC fraud. Evaldas Rimasauskas, a Lithuanian con artist, duped employees at Facebook and Google into transferring him more than US$120 million over the course of three years. He achieved it by setting up a phony notebook PC manufacturer with the same name as a legitimate one and having the companies wire him money for fictitious invoices. Rimasauskas was sentenced to five years in federal prison in 2019.
It’s not just Apple and Google. Toyota, the Puerto Rican government, the City of Saskatoon, the Pathe theatre network in France, and tens of thousands of other companies and government systems have been harmed.
Who is most at risk from a BEC scam?
Last year, Office 365 was the target of the vast majority of business email compromise attacks. Gmail accounted for less than 1% of the targets. The reason lies in how the various email services are configured. The IMAP and POP3 protocols are enabled by default in Office 365 Exchange, and neither of these outdated protocols supports multi-factor authentication (MFA). Basic authentication, which allows users to access their inboxes by keeping their username and password on a device, is also available in Office 365. This leaves accounts vulnerable to brute force or password spray attacks.
In contrast, Google Workspace disables these capabilities by default; you can enable them, but only if you absolutely want to. From October 2022, even Microsoft decided to discontinue Basic Authentication. However, attackers still have six months to compromise your business.
How to prevent BEC attacks and reduce the risk?
You can take a few steps to lower your risk of a BEC scam, especially if your company uses Office 365:
• Disable access over older protocols that cannot enforce multi-factor authentication. This includes POP3, IMAP, and basic authentication.
• Apply stricter conditional access to personnel who are attractive targets for attackers. This could include high-ranking executives or those with access to sensitive or confidential information.
• Introduce MFA. However, make sure you use FIDO (Fast ID Online) Alliance-approved phish-resistant security keys. Because a FIDO key’s response is bound to the origin of the site requesting the credential, a counterfeit login page cannot relay it, which defeats man-in-the-middle attacks.
• Use the adaptive multi-factor authentication (AMFA) capabilities of Okta. AMFA can detect and deny suspicious authentication attempts, including unusual locations, new devices, or log-in attempts on the same day from two sites thousands of miles apart (a.k.a. “impossible travel”).
• Be on the lookout for unusual authentication behavior. Microsoft Defender for Cloud Apps and Azure AD Identity Protection are excellent solutions for this. They let you track each employee’s usual authentication patterns and flag unusual behavior as a possible sign of an attack and a reason to reset that employee’s password.
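To make the last three steps concrete, the following script (an added illustration, not code from the original article or from any of the products it names) scans a small set of sign-in records and flags the two signals discussed above: access over a legacy protocol that cannot carry MFA, and “impossible travel” between two consecutive sign-ins. The record format, field names and the 900 km/h threshold are assumptions; the sample sign-ins are constructed.

```python
"""Flag sign-ins worth a closer look: legacy (no-MFA) protocols and impossible travel."""
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Protocols that cannot carry MFA, as the article describes for Office 365.
LEGACY_PROTOCOLS = {"IMAP4", "POP3", "SMTP-BASIC"}
MAX_PLAUSIBLE_KMH = 900   # faster than an airliner counts as "impossible travel"
MIN_TRAVEL_KM = 50        # ignore small hops caused by imprecise IP geolocation


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two latitude/longitude points."""
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def find_risky_signins(events):
    """Return (user, reason) pairs for sign-ins that should trigger a review."""
    findings = []
    last_seen = {}  # user -> (timestamp, lat, lon) of that user's previous sign-in
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"].replace("Z", "+00:00"))
        if ev["protocol"] in LEGACY_PROTOCOLS:
            findings.append((ev["user"], f"legacy protocol {ev['protocol']} from {ev['ip']}"))
        prev = last_seen.get(ev["user"])
        if prev is not None:
            prev_ts, prev_lat, prev_lon = prev
            km = haversine_km(prev_lat, prev_lon, ev["lat"], ev["lon"])
            hours = (ts - prev_ts).total_seconds() / 3600
            speed = km / hours if hours > 0 else float("inf")  # same-second hop is infinite speed
            if km > MIN_TRAVEL_KM and speed > MAX_PLAUSIBLE_KMH:
                findings.append((ev["user"], f"impossible travel: {km:.0f} km in {hours:.1f} h"))
        last_seen[ev["user"]] = (ts, ev["lat"], ev["lon"])
    return findings


# Constructed sample sign-in records (coordinates geolocated from IP); not real log data.
SAMPLE_SIGNINS = [
    {"user": "alice", "time": "2023-05-01T09:00:00Z", "ip": "203.0.113.10", "lat": 40.7128, "lon": -74.0060, "protocol": "Browser"},
    {"user": "alice", "time": "2023-05-01T10:00:00Z", "ip": "198.51.100.7", "lat": 51.5074, "lon": -0.1278, "protocol": "Browser"},
    {"user": "bob", "time": "2023-05-01T09:00:00Z", "ip": "192.0.2.44", "lat": 41.8781, "lon": -87.6298, "protocol": "Browser"},
    {"user": "bob", "time": "2023-05-01T09:30:00Z", "ip": "192.0.2.44", "lat": 41.8781, "lon": -87.6298, "protocol": "IMAP4"},
    {"user": "carol", "time": "2023-05-01T01:00:00Z", "ip": "203.0.113.22", "lat": 40.7128, "lon": -74.0060, "protocol": "Browser"},
    {"user": "carol", "time": "2023-05-01T09:00:00Z", "ip": "198.51.100.9", "lat": 51.5074, "lon": -0.1278, "protocol": "Browser"},
]

if __name__ == "__main__":
    for user, reason in find_risky_signins(SAMPLE_SIGNINS):
        print(f"{user}: {reason}")
```

On the sample data, alice is flagged for New York to London in one hour and bob for an IMAP4 sign-in, while carol’s eight-hour gap is consistent with a flight and produces no finding.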
BEC scams are only expected to become more common as long as cybercriminals profit in the billions. As the market moves toward “secure by default,” attacks that target MFA will become more common. Taking simple steps to prevent email compromises now is your best option for avoiding costly consequences later.