Hello folks and hope you had a restful holiday. At the dawn of the New Year, we'd like to wish you all a prosperous 2019, with personal and family fulfillment! We look forward to being your companion all year round. 😎👍
While Hollywood may portray hacking as a complicated endeavor which requires sophisticated technical expertise and endless nights spent staring at a computer, the truth is that hackers rely on a variety of methods, some of which are as simple as sending company employees an email pretending to be a reputable source. In fact, taking advantage of security loopholes among your company’s employees is one of the most reliable and fastest ways for malicious parties to access your company’s sensitive data.
Oftentimes, hackers or other criminals can simply send fake emails – also called “spoofed” emails – purporting to be from a reputable source, which can gain the attention of company employees who then surrender data or even money. Other times, hackers can gain access to your corporate email lists and send out emails to your clients and vendors requesting money.
Hackers can even pretend to be the CEO and contact employees of your organization with demands such as emergency payments. Read on to learn more about the many different forms of Business Email Compromise, its harmful effects, and how to prevent it from happening within your company.
What is Business Email Compromise?
Business email compromise refers to a type of cybersecurity infiltration that can occur in a company or business. In a business email compromise, which is also called BEC, malicious parties such as hackers or criminal organizations typically target high-level employees of an organization, such as corporate executives. Hackers may send emails to the executives, in a practice known as phishing.
Phishing is a fraudulent form of email activity, in which hackers send emails pretending to be reputable companies to obtain information such as passwords, credit card numbers, and even financial payments. In BEC, high-level corporate executives are strategically targeted so that hackers can obtain confidential information and payments from the executives. This can pose significant risks to a company’s operations, both in terms of data loss and financially.
How does a typical email cyberattack work? There are four types of BEC scams which we will discuss in the next section.
Four Types of Email-Based Cyberattacks
There are several types of BEC scams. Hackers can pretend to be an employee in your organization to obtain information from your real employees, or they may be able to access sensitive information, such as a list of email contacts, to request payments from people with whom your company may work.
Two types of BEC which involve the hackers pretending to be a reputable source are CEO fraud and attorney impersonation. In CEO fraud, the malicious parties pretend to be an executive and contact finance or the human resources department of a company, demanding an emergency payment. Hackers can also pretend to be a lawyer or an employee from a law firm to obtain access to sensitive data – this is known as “attorney impersonation.”
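The CEO fraud pattern described above leaves traces a mail filter can check. The following is an added example, not code from this article or from Panda Security; the company domain, executive names, mailboxes, keyword list and sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr, getaddresses

# Assumed inventory for the example: company domain, executive names,
# and the finance/HR mailboxes that CEO fraud is aimed at.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "john smith"}
SENSITIVE_RECIPIENTS = {"finance@example.com", "hr@example.com"}
PRESSURE_TERMS = ("urgent", "emergency", "wire transfer", "payment", "confidential")

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def ceo_fraud_signals(raw):
    """Return the list of CEO-fraud indicators found in one raw message."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    recipients = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    payload = msg.get_payload()
    body = payload if isinstance(payload, str) else ""
    text = (msg.get("Subject", "") + " " + body).lower()

    signals = []
    # An executive's name shown on an address outside the company domain.
    if name.strip().lower() in EXECUTIVES and domain_of(from_addr) != COMPANY_DOMAIN:
        signals.append("executive display name on external address")
    # Replies would be routed to a different domain than the visible sender.
    if reply_addr and domain_of(reply_addr) != domain_of(from_addr):
        signals.append("Reply-To domain differs from From domain")
    # Emergency-payment language addressed to finance or HR.
    if recipients & SENSITIVE_RECIPIENTS and any(t in text for t in PRESSURE_TERMS):
        signals.append("payment pressure sent to finance/HR")
    return signals

# Constructed sample messages (not real traffic).
SPOOFED = """From: Jane Doe <jane.doe@examp1e-mail.test>
Reply-To: jane.doe@payments-desk.test
To: finance@example.com
Subject: Urgent wire transfer

I need an emergency payment processed today. Keep this confidential.
"""
LEGIT = """From: Jane Doe <jane.doe@example.com>
To: finance@example.com
Subject: Q1 budget review

Agenda for next week's meeting is attached.
"""
```

Any single signal is weak on its own; a message that trips several is a candidate for quarantine or out-of-band verification with the named executive.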
Other types of BEC scams take advantage of employees’ poor data security practices rather than purporting to be high-profile members of your company. In account compromise, a high-level exec’s email is hacked, and the email address is used by hackers to request payments from clients listed in the executive’s email contacts. Hackers can also steal other types of data, and even steal data from company employees. Data theft can occur in which hackers obtain personally identifiable information (also called PII) from the human resources department, which can be used to plot further cyberattacks.
While these attacks may seem different, the common thread that unites all of them is that they result from poor cybersecurity and safety practices among all levels of employees within an organization. High-level corporate executives are prime targets for hackers because of their stature in the organization and access to confidential data. However, entry-level employees who are poorly trained in email security best practices can also risk clicking on links in emails sent by hackers and unknowingly sending malicious parties your company’s sensitive data, or even their own personal information.
Companies that do not train their employees on cybersecurity best practices, therefore, risk exposing sensitive corporate data, which can not only hurt the business’ bottom line and potentially leak data to competitors, but can cost companies thousands, and even millions, of dollars as they seek to institute damage control. The best way to avoid dealing with the fallout of a BEC is to be prepared and train employees across your organization – from entry-level employees, to human resources, to high-level executives – in best practices for maximum email security.
How Can I Prevent Business Email Compromise in My Organization?
The best way to prevent BEC in your company is to utilize state-of-the-art security practices and train employees on email best practices. Make employees aware of the dangers of email phishing and impersonation scams. Remind your employees – whether they are entry-level or at the top of the corporate food chain – that they should never open emails from people that they do not recognize, and should certainly never click on links in emails from unknown senders, because such emails can be phishing attempts.
Your information technology staff can also institute several security practices which make it more difficult for hackers to gain access to your information in general, even in the event of a data breach. Emails should be sent over an encrypted server, so that anyone who can access your internet network cannot read the information being sent over the network. Another important cybersecurity practice that is now utilized in most secure servers is two-factor authentication, which requires users to input a passcode sent to their email or mobile device to gain access to a website or online service. Two-factor authentication on company email accounts can make it more difficult for hackers to gain access to company emails.
Finally, minimize your electronic “paper trail” to make it more difficult for hackers to gain employees’ personal information. Financial information such as W-2 forms and tax forms should also be delivered to your human resources department in person to avoid having sensitive personal information leaked to hackers. Finally, limit the number of employees who are authorized to disburse company funds, and make sure to set alerts and limit the number of withdrawals from this fund.
Source: Panda Security
Interested in learning more about how to protect your company against email compromise? Panda Security is a Spanish company that specializes in the development of high-tech products to help internet users navigate the web more safely and securely. Head over to Panda Security’s blog for more information on business email compromise, including a helpful infographic and warning signs to look for in an email to determine whether or not it is compromised. By educating your company’s employees about the dangers of BEC, you can help stop these cyberattacks and improve corporate security.
If you found this article of interest, we'd love to hear what you think!
*by andreascy*