Business email compromise (BEC) attacks have spiked by 80% over the past quarter, according to a report by Mimecast. The security provider revealed that over the past three months it had blocked over 41,000 BEC attempts that went undetected by other vendors.
Additionally, Trend Micro released a report showing that BEC attacks doubled in the second half of 2017 compared to the first half of the year.
Business email compromise takes place when employees of an organization are manipulated into transferring large sums of money from the organization to an attacker posing as the CEO or CFO. The attack usually starts with a successful spear-phishing email that grants an attacker access to the organization. Once inside, the attacker can spend months observing the internal operations and communications of the organization. After becoming familiar with the organization’s schedule and employees, the attacker spoofs an email from the CEO to one of the employees asking them to wire money to the attacker’s account.
The FBI stated that BEC has caused the loss of over $12 billion between October 2013 and May 2018.
The best way to defend against BEC attacks, according to the FBI, is to use face-to-face or voice-to-voice communication. Additionally, requiring multi-factor authentication for payments can add a layer of security, particularly if one of the authentication methods is confirmation by phone call. Finally, increasing employee awareness of email security can prevent an attacker from gaining access to the organization in the first place. Sound policies, and employees trained to follow them, can help block BEC before it starts.
Infosecurity Magazine has the story: https://www.infosecurity-magazine.com/news/bec-detections-soar-80/
CEO Fraud Prevention Manual Download
CEO fraud has ruined the careers of many executives and loyal employees. Don’t be the next victim. This brand-new manual provides a thorough overview of how executives are compromised, how to prevent such an attack and what to do if you become a victim.
PS: Don't like to click on redirected buttons? Copy and paste this link in your browser:
https://info.knowbe4.com/ceo-fraud-prevention-manual
Source (and more at): DARKReading