Business email compromise (BEC) is a category of cybercrime where malicious actors try to manipulate or compromise email accounts within an organization usually trying to gain access to sensitive information or social engineer someone to transfer money. Common examples: One example is Spear Phishing, this is where the malicious actor [...]
Business email compromise (BEC) is a category of cybercrime where malicious actors try to manipulate or compromise email accounts within an organization usually trying to gain access to sensitive information or social engineer someone to transfer money.
Common examples:
One example is Spear Phishing, this is where the malicious actor targets a specific individual within an organization by attempting to social engineer them into doing some action. Such as transferring money to an account, or disclosing sensitive information.
Another example is sending a Phishing email containing an attachment to someone in the organization trying to get them to open the attachment. The attachment could be one of many different types, PDF, Word document, Excel spreadsheet, etc. This attachment briefly could appear legit but once opened could contain malicious software called Malware.
Business Email Compromise was the most reported incident to the FBI’s Internet Crime Complaint Center in 2022, according to Cisco Talos. The FBI reported that BEC was on the rise and resulted in $2.7 Billion in losses. The 2023 Verizon Data Breach Investigation report for SMBs stated, “Social Engineering incidents have increased from the previous year largely due to the use of Pretexting, which is commonly used in BEC, almost doubling since last year.”
https://www.verizon.com/about/news/2023-data-breach-investigations-report
https://www.ic3.gov/Media/PDF/AnnualReport/2022_IC3Report.pdf
How do we reduce the risk for your organization?
Human error is the goal of many BEC attacks, the malicious actor tries trick an individual into taking an action. The primary defense against this is Cyber Security training and education. We offer cyber security awareness training to provide knowledge of how to spot questionable emails and how to respond.
Technical controls are implemented to add more layers of defense. Taking a layered approach, we can stop most attacks before they even make it to the end user by implementing spam filtering, URL scanning to check for malicious webpage links, secure configurations, and malware scanning.
To learn more about how we can help reduce your risk, contact us to schedule a free consultation.
Brute force password attacks represent a significant cybersecurity threat, where attackers employ relentless automated methods to gain unauthorized access to user accounts. This article delves into the mechanics of brute ...
Business email compromise (BEC) is a category of cybercrime where malicious actors try to manipulate or compromise email accounts within an organization usually trying to gain access to sensitive information or social engineer someone to transfer money. Common examples: One example is Spear Phishing, this is where the malicious actor targets a specific individual within ...
Post comments (0)