Braintrace BEC Protection Service
What is business email compromise (BEC)?
A BEC attack begins with a cybercriminal hacking email accounts, registering lookalike domains (cybersquatting) and making them email capable, or spoofing emails to impersonate your company’s supervisors, CEO, counterparties, or vendors. The email looks authentic and appears to come from a known authority figure, so the employee complies. Typically, the fraudster asks for money to be wired or checks to be deposited, following whatever the usual business practice is. The same technique has since been turned to stealing employees’ personally identifiable information or wage and tax forms (e.g. W-2).
How do fraudsters utilize business email compromise?
Non-Lookalike Domains:
The most common attacks come from non-lookalike domains, using display name spoofing and domain spoofing. They occur at high frequency and are well publicized.
Display name spoof: “Jane Doe” bob@gmail.com. The display name matches a known person, but the email address is unrelated. We see this from Gmail, Yahoo, and the other large email service providers.
Traditional spoof: “Jane Doe” janedoe@gmail.com. The display name matches and the address could believably be one Jane owns. As with the display name spoof, we see this from Gmail, Yahoo, and the other large email service providers. It is more dangerous because the scammer has taken more care to trick the victim.
Lookalike Domains:
The most dangerous BEC attack occurs when bad actors buy lookalike web domains and make them email capable. The goal is to impersonate you or a colleague while communicating with vendors, counterparties, or fellow employees. This is a dangerous alternative to spoofing because the spoofing protections put in place will not stop these emails. Furthermore, these lookalike domains are also used for cybersquatting, phishing, and attempts to redirect the company’s web traffic; such attacks go far beyond BEC.
Lookalike domain: real email “Jon Doe” Jon.Doe@braintrace.com; fake lookalike domain email Jon@briantrace.com. It can be hard to see, but the fake address is spelled “Briantrace” rather than “Braintrace” (the ‘i’ and ‘a’ are reversed). Spoofing protection will not stop this attack.
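A small classifier, added here as an illustration and not part of Braintrace’s service, that sorts inbound From: headers into the patterns above (display name spoof, traditional spoof, lookalike domain). The company domain and employee directory are constructed sample values; headers are in the usual RFC 5322 form with the address in angle brackets.

```python
from email.utils import parseaddr

# Constructed directory for the protected organisation (assumed values, not real data).
COMPANY_DOMAIN = "braintrace.com"
EMPLOYEES = {
    "jon doe": "jon.doe@braintrace.com",
    "jane doe": "jane.doe@braintrace.com",
}


def one_edit_away(a: str, b: str) -> bool:
    """True if a and b differ by one substitution, insertion, deletion or
    adjacent transposition (the 'briantrace' vs 'braintrace' case)."""
    if a == b:
        return False
    if len(a) == len(b):
        diffs = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
        if len(diffs) == 1:
            return True
        return (len(diffs) == 2 and diffs[1] == diffs[0] + 1
                and a[diffs[0]] == b[diffs[1]] and a[diffs[1]] == b[diffs[0]])
    if abs(len(a) - len(b)) != 1:
        return False
    shorter, longer = sorted((a, b), key=len)
    return any(longer[:i] + longer[i + 1:] == shorter for i in range(len(longer)))


def classify_sender(from_header: str) -> str:
    """Map a From: header to one of the BEC sender patterns described on this page."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    local, _, domain = addr.rpartition("@")
    if domain == COMPANY_DOMAIN:
        return "internal"          # genuine domain; SPF/DKIM/DMARC must vouch for it
    if one_edit_away(domain, COMPANY_DOMAIN):
        return "lookalike-domain"  # registered cousin domain; anti-spoofing will not stop it
    key = " ".join(name.lower().split())
    if key in EMPLOYEES:
        expected_local = EMPLOYEES[key].split("@")[0].replace(".", "")
        if local.replace(".", "") == expected_local:
            return "traditional-spoof"   # "Jane Doe" <janedoe@gmail.com>
        return "display-name-spoof"      # "Jane Doe" <bob@gmail.com>
    return "external"


if __name__ == "__main__":
    for hdr in ('"Jon Doe" <jon.doe@braintrace.com>', '"Jon Doe" <jon@briantrace.com>',
                '"Jane Doe" <bob@gmail.com>', '"Jane Doe" <janedoe@gmail.com>'):
        print(f"{hdr:40} -> {classify_sender(hdr)}")
```

Anything tagged lookalike-domain or a spoof variant is a candidate for the blocking rules described later on this page; the internal verdict still relies on SPF/DKIM/DMARC having been checked upstream.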
Depth of BEC – FBI 2018 Findings
In 2018, the FBI’s Internet Crime Complaint Center (IC3) received 62,321 Business Email Compromise (BEC), phishing, and spoofing complaints with adjusted losses of $1.41 billion (BEC alone was $1.2 billion). Overall, 2018 saw a 92% increase in internet crimes with total losses over $2.7 billion with over 350,000 incidents.
BEC attacks accounted for 44% of total monetary loss by internet crimes, targeting businesses and individuals performing wire transfer payments.
BEC is constantly evolving as scammers become more sophisticated. In 2013, BEC scams routinely began with the hacking or spoofing of the email accounts of chief executive officers or chief financial officers, and fraudulent emails were sent requesting wire payments be sent to fraudulent locations. Through the years, the scam has seen personal emails compromised, vendor emails compromised, spoofed lawyer or title company email accounts, requests for W-2 information, and the targeting of the real estate sector.
The IC3, unfortunately, does not have the manpower to take on every incident: of the more than 350,000 internet crimes reported last year, the FBI intervened in only 1,031.
How we protect you from BEC and Phishing Scams
HOW WE PROTECT YOU
Since cybercriminals use a variety of attack methods, Braintrace has created a comprehensive yet simple solution to protect against these complex and diverse email attacks. Braintrace combines and synchronizes best-of-breed technology, professional services, and impactful education to protect against BEC and phishing attacks.
TECHNOLOGY
- Cybersquatting Service: Monitor and detect the registration of rogue look-alike domains before they can be used nefariously. Service includes domain takedown enforcement action.
- Compromised Credentials: Know which users have exposed credentials on the dark web, which can be used to compromise their email accounts.
- BEC/Phishing Threat Feed: Protect against non-look-alike domain emails actively being used to target other organizations by blocking them before they’re used against yours.
SERVICES
- Intelligent Email Blocking: Fine-tune email blocking rules to catch non-look-alike domain emails and emails with display names used to impersonate your users.
- Anti-Spoofing: Properly configure SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting, and Conformance) to prevent your domain from being spoofed. Included are periodic checks to test if your domain can be spoofed.
- BEC Email User Testing: Similar to testing your users with phishing emails containing links and attachments, BEC Email User Testing replicates real-world BEC attempts to assess your users’ susceptibility to these clever social engineering emails that don’t have the hallmark signs of a typical phishing email.
- Policy and Procedure Management: Regardless of the techniques cybercriminals use to conduct BECs, data and financial losses ultimately result from poor management of policies and procedures. Review and strengthen your policies and procedures to prevent unauthorized transfers of funds and data. This service also helps institute and test an Incident Response (IR) plan focused on actions, roles, and responsibilities in the aftermath of a BEC, to significantly increase the likelihood of recovering stolen funds.
EDUCATION
- User Awareness Training: Provide your users with interactive, self-paced security awareness training on topics ranging from BEC and phishing to malware and more. End-user education and awareness is key to preventing BECs and other email vector attacks.
SPECIAL SECURITY OFFER
Dark Web Scan
Leveraging Nurostorm, our proprietary Dark Web Intelligence and Analytics platform, we’ll gauge your exposure on the dark side of the web.