Business email compromise (BEC) is one of the most financially damaging online crimes. According to the FBI’s Internet Crime Complaint Center (IC3), BEC scams resulted in over $2.7 billion in losses in 2022.

Falling victim to a business email compromise attack can have a devastating impact on finances as well as brand reputation. SaaS Alerts will guide users through the ins and outs of BEC so users can better detect and mitigate its risks.

What Is BEC?

A business email compromise is a cyberattack technique whereby malicious actors pretend to be someone trustworthy, maybe a colleague, senior executive, or a vendor, and try to trick the team into taking a desired action such as:

  • Sending money to fraudulent accounts.
  • Diverting payroll.
  • Changing bank details for future payments.
  • Sharing sensitive information such as customer data, legal documents, financial reports, etc.

BEC attacks go beyond email scams

If we consider the fundamental business email compromise definition, this branch of cybercrime starts and ends with email activity to financially defraud businesses. BEC attacks, however, go beyond email mischief and financial losses.

Criminals may use phishing and domain spoofing tactics to negatively impact the company’s image. For instance, an attacker might use compromised accounts to send malicious emails to clients, partners, or even the media to spread harmful content that negatively impacts the company’s reputation.

How business email compromise works

While executing a BEC scam, attackers employ a blend of techniques to deceive victims. For example, they may rely on impersonation and other social engineering techniques, such as phishing, baiting, and email spoofing to trick people. The 2023 DBIR report highlights that BEC represents nearly 60% of social engineering incidents.

The five broad categories of BEC attacks are:

[Figure: the five broad categories of BEC attacks]

If this type of attack goes undetected for a considerable period, the attacker can easily gain access to all facets of an organisation’s data, from vendors to billing systems and human resources data.

Techniques for Business Email Compromise Scams

MSPs should watch out for these top three techniques used to implement BEC scams:

1. Authentication Token Misuse

Authentication tokens ensure that only authorised individuals can access specific email accounts without repeatedly providing login credentials. Attackers can manipulate these seemingly harmless tokens to execute BEC attacks.

They gain access to these tokens by employing social engineering techniques such as phishing. IBM reports that phishing is the second most common reason for a data breach, and that phishing victims were subjected to financial losses of $4.91 million on average.

  • Token-based security structure

Let’s explore a business email compromise example to understand the Achilles’ heel in this token-based security structure.

Imagine a user logging into a Microsoft 365 account and getting a phishing email with a link that promises an exciting article. When the user clicks the link, it’s like opening a door to an attacker.

  • Email information

The multiple tabs on the browser are not isolated environments; they’re interconnected facets of the same browser.

As the user clicks on the link, the attacker can secretly take a peek at what the user is doing in the other tabs and grab the email information from one of the open tabs to waltz right into the account without requiring a password. That “token” meant to help users log in faster becomes the key that lets an outside actor in.

2. Data Exfiltration

Data exfiltration refers to the unauthorised act of moving data from a controlled or secure environment to an external location or destination. At the outset, attackers subtly manipulate email environments.

They either create new subfolders or exploit existing ones to establish rules that automatically copy incoming emails. Mimecast’s State of Email Security report found that 75% of companies have reported an increase in email-based threats.

  • Divert communications

Attackers, once in control, also manipulate email forwarding rules to divert communications. They might even exploit the trust of legitimate users to siphon critical data from platforms like Google Drive.

This secret manoeuvre typically remains unnoticed by both end users and administrators. As a result, business email compromise detection often requires meticulous log analysis.

3. Privilege Escalation

In business email compromise scams, cybercriminals don’t just stop at infiltrating inboxes. They aim to rise through the ranks and gain higher privileges in the company’s security landscape. Once the criminals breach accounts, their focus shifts to discovering the administrators within the system and requesting administrative roles.

Armed with an administrative role, a malicious actor can gain unbridled control through three steps:

  • Creating administrative accounts.
  • Granting themselves global administrator status.
  • Eliminating existing administrators.

To deal with the risk of attackers breaching over-privileged accounts, companies are implementing the least privilege principle to ensure a user only has access to specific data and resources.

While the 2021 Global Cybersecurity Survey Report indicates that two out of three organisations consider least privilege a top priority, many still struggle to eliminate or restrict over-privileged users.

How to detect BEC with SaaS Alerts

To stay one step ahead of cyber attackers launching BEC scams, MSPs need to continuously survey their clients’ applications for anomalies such as:

  • Unexpected token usage.
  • Logins from unfamiliar devices or locations.
  • Suspicious forwarding/inbox rules activities.
  • Irregular data downloads.
  • Changes to account passwords, MFA settings, or Admin roles.
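The log analysis that this list and the data exfiltration section call for can be sketched as below. This is an added example, not SaaS Alerts code or code from the original article: the records are constructed, the flat JSON schema, the `country` field, the `contoso.example` tenant and the approved-country list are assumptions, and the operation names are modelled on Microsoft 365 audit events.

```python
import json

# Constructed sample: one JSON audit record per line, in a simplified schema.
# "country" is assumed to be GeoIP enrichment added before analysis.
SAMPLE_LOG = """\
{"time":"2024-03-04T09:12:00Z","user":"amy@contoso.example","op":"UserLoggedIn","ip":"203.0.113.7","country":"US"}
{"time":"2024-03-04T09:40:00Z","user":"amy@contoso.example","op":"UserLoggedIn","ip":"198.51.100.23","country":"RO"}
{"time":"2024-03-04T09:43:00Z","user":"amy@contoso.example","op":"New-InboxRule","params":{"Name":".","ForwardTo":"drop@mailbox.example","DeleteMessage":"True"}}
{"time":"2024-03-04T09:50:00Z","user":"amy@contoso.example","op":"New-InboxRule","params":{"Name":"Newsletters","MoveToFolder":"Archive"}}
{"time":"2024-03-04T10:02:00Z","user":"amy@contoso.example","op":"Add member to role.","params":{"Role":"Global Administrator","Target":"svc-backup@contoso.example"}}
"""

TENANT_DOMAINS = {"contoso.example"}   # assumption: mail domains the client owns
APPROVED_COUNTRIES = {"US"}            # assumption: locations approved by the admins
RULE_OPS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
FORWARD_KEYS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo", "ForwardingSmtpAddress")

def is_external(address):
    """True when the address's domain is not one of the tenant's own."""
    return address.rsplit("@", 1)[-1].lower() not in TENANT_DOMAINS

def detect(record):
    """Return the list of BEC-related findings for one audit record."""
    findings, op, params = [], record["op"], record.get("params", {})
    if op == "UserLoggedIn" and record.get("country") not in APPROVED_COUNTRIES:
        findings.append("login from unapproved location")
    if op in RULE_OPS:
        # A rule may list several recipients separated by ';'.
        targets = [a.strip() for k in FORWARD_KEYS for a in params.get(k, "").split(";")]
        if any(a and is_external(a) for a in targets):
            findings.append("mail forwarded outside the tenant")
    if op == "Add member to role." and "administrator" in params.get("Role", "").lower():
        findings.append("administrator role granted")
    return findings

def scan(log_text):
    """Parse newline-delimited JSON and return (time, user, finding) tuples."""
    alerts = []
    for line in log_text.strip().splitlines():
        record = json.loads(line)
        alerts += [(record["time"], record["user"], f) for f in detect(record)]
    return alerts

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(*alert, sep="  ")
```

Read in sequence, the three alerts for the same user within about twenty minutes (unfamiliar login, external forwarding rule, administrator grant) are a stronger signal than any one of them alone.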

With SaaS Alerts, MSPs can get a unified overview of all their clients and examine specific updates of each account. For instance, clicking on a red-colored account on the “Account Activity” dashboard shows that the account was accessed outside of the location approved by the administrators. The dashboard will show details such as date, time, account details, unauthorised IP address, and application.

[Figure: “Account Activity” dashboard]

Machine learning pattern detection

SaaS Alerts uses machine learning pattern detection to:

  • Identify breaches by continuously monitoring for unusual actions.
  • Create alerts to notify administrators in the event of suspicious activity.
  • Automatically lock affected accounts to prevent further unauthorised actions.

Such business email compromise tools offer a crucial window of opportunity to respond to the threat in time and minimise the risk of further harm.
