Business Email Compromise (BEC) is a type of spear phishing attack that can significantly damage the goodwill and credibility of your organisation. Before it wreaks havoc, take preventative action to shield your company from potential breaches. If you are unaware of BEC attacks, here’s an overview of what you need to know to defend your organisation.
What is a BEC Attack?
BEC is a type of spear phishing attack. Around 25% of all data breaches involve phishing, and a whopping 92% of Australian organisations experienced a successful phishing attack in 2021. Phishing is a form of cyberattack with a very high success rate. In spear phishing, the attacker identifies a particular target and gains that target's trust to compel them to do something the cybercriminal wants, which is usually financial fraud or credential theft. In a BEC attack, the target is identified and approached through email.
The target could be someone from the Finance department who is in charge of releasing payments, or someone who holds access to confidential credentials that the cybercriminal is after. Once the target's email address is obtained, the cybercriminal starts sending spear-phishing emails to trick the target into believing they come from a regular vendor or from someone in an authoritative position within the organisation.
They might pretend to be a vendor your company deals with regularly and raise invoices, or disguise themselves as the CEO and ask for a bulk purchase of gift coupons or for credentials to be passed on. Since most organisations lack direct interaction between the finance team and the C-Suite, cybercriminals often succeed in their attempts. Your employees might not even realise this until it's too late. After all, the average time taken to detect a data breach in 2021 was 212 days.
What Should I Do?
If you sense that you might be a BEC victim, immediately follow the preventive measures listed in the ACSC resources for Outlook email and Gmail accounts. You must then report the incident to the ACSC so law enforcement can attend to it. You might also want to take other measures, like emailing everyone about the breach and alerting them to the potential damage that the threat actor can cause.
BEC attacks are on the rise and hard to detect, but you can reduce their likelihood by implementing specific cybersecurity tools and policies, such as strong encryption, email filters and employee cybersecurity awareness training programs.
PhishNet delivers highly effective, engaging, and affordable cybersecurity awareness training to help businesses mitigate the risks of human error data breaches.