How do fraudsters utilize business email compromise?
There are two main categories of BEC attack. The most common does not use a lookalike domain at all: the attacker spoofs a display name, or spoofs the sender address outright, from a domain unrelated to yours. These attacks happen at high frequency and are well publicized.
The most dangerous BEC attack is when bad actors buy lookalike web domains and make them email capable. The goal is to impersonate you or a colleague while communicating with vendors, counterparties or fellow employees. This is a more dangerous alternative to spoofing because the attacker legitimately owns the lookalike domain: SPF, DKIM and DMARC checks evaluate the sending domain, that domain is the attacker's own, so the mail authenticates and the anti-spoofing protections you have put in place will not stop it. Furthermore, these lookalike domains are also used for cybersquatting, phishing, and attempts to redirect the company's web traffic. These attacks go far beyond BEC.
The problem is compounded by a lack of training and by outdated policies and procedures. An employee who reads an email written with a strong sense of urgency may be pressured into ignoring or bypassing the employer's policies. It is vital for employees to always follow work-related policies and procedures, even when the email appears to come from their boss or the CEO. Organizations must therefore keep policies and procedures up to date so that employees are fully educated and adhere to them.
Display name spoof: “Jane Doe” firstname.lastname@example.org. The display name is the one the recipient expects, but the underlying address is different. We see this sent through Gmail, Yahoo, and the other large email service providers.
Traditional spoof: “Jane Doe” email@example.com. Here both the display name and the address look right: the address is one Jane could believably have. As with the display name spoof, we see this sent through Gmail, Yahoo, and the large email service providers. It is more dangerous because the scammer has taken more time to try to trick the victim.
Lookalike domain: actual Bret Laughlin email “Jon Doe” Jon.Doe@braintrace.com; fake lookalike domain email “Bret Laughlin” firstname.lastname@example.org. It may be difficult to see, but the fake address is spelled “Briantrace” rather than “Braintrace” (the ‘i’ and ‘a’ reversed). Spoofing protection will not stop this attack, because the attacker controls the lookalike domain and mail from it authenticates correctly.
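As an added example (not code from the original article or from Braintrace), the script below triages a From: header into the three patterns just described. It assumes braintrace.com is the protected domain; the employee directory, the homoglyph table, the label names and the sample headers are constructed for the demo. Lookalikes are caught with an edit distance that counts an adjacent transposition (Brian/Brain) as one edit, after undoing common visual substitutions such as "rn" for "m".

```python
"""Triage a From: header against the three BEC patterns above.

Added example, not Braintrace's tooling. The directory and the sample
headers are constructed for the demo; braintrace.com is the only real
name taken from the page, and ORG_DOMAIN is assumed to be the
organisation's own domain.
"""
from email.utils import parseaddr

ORG_DOMAIN = "braintrace.com"

# Constructed directory: display names the organisation actually uses,
# mapped to the address each person really sends from.
DIRECTORY = {
    "jane doe": "jane.doe@braintrace.com",
    "jon doe": "jon.doe@braintrace.com",
    "bret laughlin": "bret.laughlin@braintrace.com",
}

# Visually similar substitutions attackers register ("rn" looks like "m").
HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "1": "l", "5": "s"}


def fold(domain: str) -> str:
    """Lower-case and undo common homoglyph tricks before comparing."""
    d = domain.lower()
    for fake, real in HOMOGLYPHS.items():
        d = d.replace(fake, real)
    return d


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, plus
    one adjacent transposition, so 'briantrace' vs 'braintrace' costs 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # deletion
                          d[i][j - 1] + 1,         # insertion
                          d[i - 1][j - 1] + cost)  # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def classify(from_header: str, max_distance: int = 2) -> str:
    """Return one of: internal-verify-dmarc, internal-address-mismatch,
    lookalike-domain, display-name-spoof, external, malformed."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return "malformed"
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    expected = DIRECTORY.get(name.strip().lower())

    if domain == ORG_DOMAIN:
        # Exact domain: header text cannot separate a real colleague from a
        # traditional spoof. That decision belongs to SPF/DKIM/DMARC results;
        # here we only catch an address that differs from the directory.
        if expected and expected != addr:
            return "internal-address-mismatch"
        return "internal-verify-dmarc"

    # Lookalike: a domain a few edits (or one homoglyph swap) away from
    # ours. The attacker owns it, so DMARC passes; we have to compare it.
    if osa_distance(fold(domain), fold(ORG_DOMAIN)) <= max_distance:
        return "lookalike-domain"

    # Display name spoof: a directory name on an unrelated domain
    # (typically free webmail).
    if expected:
        return "display-name-spoof"
    return "external"


# Constructed sample headers, one per pattern discussed above.
SAMPLES = [
    '"Jane Doe" <janedoe.ceo@gmail.com>',               # display name spoof
    '"Jane Doe" <jane.doe@braintrace.com>',             # needs DMARC to decide
    '"Bret Laughlin" <bret.laughlin@briantrace.com>',   # a/i transposed
    '"Bret Laughlin" <bret.laughlin@braintrace.corn>',  # rn for m
    '"Acme Billing" <ar@acme-supplier.example>',        # ordinary external mail
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify(header):26} {header}")
```

Note what the script deliberately does not decide: when the domain is exactly yours, the header text looks identical whether the mail is genuine or a traditional spoof, and only the SPF/DKIM/DMARC results on the message can tell them apart. The lookalike branch is the one that covers the "Briantrace" case, and the same distance check can be run over new domain registrations to spot a lookalike before it is ever used against you.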