[et_pb_section fb_built=”1″ admin_label=”section” _builder_version=”3.22″ global_colors_info=”{}”][et_pb_row admin_label=”row” _builder_version=”3.25″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”3.25″ custom_padding=”|||” global_colors_info=”{}” custom_padding__hover=”|||”][et_pb_text admin_label=”Text” _builder_version=”3.27.4″ background_size=”initial” background_position=”top_left” background_repeat=”repeat” global_colors_info=”{}”]By Mitchel Chang<\/p>\n
Business Email Compromise (BEC)<\/strong> has become a very series cybercrime in the past several years where billions of dollars were lost by various businesses.\u00a0 In additional to direct financial loss to the hackers, a company\u2019s overall loss may be much greater. For example, a company\u2019s reputation may suffer from a data breach and they may lose customers as result of a BEC event.\u00a0 Also, instead of focusing on their core business, the aftermath of a BEC attack would be expensive and a distraction between business executives, law enforcement, and other victims.<\/p>\n A typical BEC attack would be launched by email.\u00a0 The emails are either spoofed or compromised by the attackers.\u00a0 For example, an attacker may pretend to be a vendor by requesting invoice or transaction payments such as real estate services.\u00a0 We also often see the fake executive requesting his\/her finance department to execute a wire transfer to a third party. With our recent COVID-19 challenges and more working-from-home employees, we will see more companies and organizations become less centralized and less in-person interaction between staff. This will provide some additional opportunities for the BEC attackers to trick more people.<\/p>\n On April 6, 2020, Federal Bureau of Investigation (FBI) issued a warning<\/a> anticipating a rise in BEC schemes related to the COVID-19 Pandemic. \u201cFraudsters will take advantage of any opportunity to steal your money, personal information, or both. \u00a0Right now, they are using the uncertainty surrounding the COVID-19 pandemic to further their efforts.\u201d \u00a0\u00a0According to FBI, there has been an increase in BEC frauds targeting municipalities purchasing personal protective equipment in the fight against COVID-19. Also, most of the recent BEC attacks were targeted at the financial institutions or banks.<\/strong><\/p>\n Cybersecurity vendors are helping to develop various tools to scan and filter malicious and phishing (spoofed) emails by using all the latest technologies such as big data and machine learning. For example, the threat response teams from Trend Micro are using cloud email reputation services and machine learning to capture the company executive\u2019s writing style to help prevent BEC as part of its overall business cybersecurity software suite.<\/p>\n Although cybersecurity tools are getting better and lots of potential fake or spoofed emails can be filtered, we can\u2019t ignore the human and social engineering approaches which attackers will leverage. In BEC, we often see fake emails that will appear to be sent by a close friend or business associate. For example, a company CFO will get a fake email from his\/her CEO to request a wire money transfer. This is what we refer to as \u201cspear phishing\u201d.<\/p>\n To carry out BEC attacks, hackers often utilize an organized team with various roles and responsibilities that include:<\/p>\n Don\u2019t underestimate their capabilities as they are professionals.\u00a0 Before hacker teams launch their fake emails, the first step is for them to identify and study a potential prospect. They often use popular social media sites such as LinkedIn and Facebook and a people search site such as PIPL. As for identifying business owners or executives, attackers can easily find their personal information just through Google searches or on the company website.<\/p>\n Here are some preventive measures which we recommend:<\/strong><\/p>\n For more free cybersecurity tips for start ups and small businesses, visit our Internet Safety for Small Businesses<\/a> page.<\/strong><\/p>\n [\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":" By Mitchel Chang Business Email Compromise (BEC) has become a very series cybercrime in the past several years where billions of dollars were lost by various businesses.\u00a0 In additional to direct financial loss to the hackers, a company\u2019s overall loss may be much greater. For example, a company\u2019s reputation may suffer from a data breach […]<\/p>\n","protected":false},"author":21,"featured_media":2664,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"By Mitchel Chang\r\n\r\nBusiness Email Compromise (BEC)<\/strong> has become a very series cybercrime in the past several years where billions of dollars were lost by various businesses.\u00a0 In additional to direct financial loss to the hackers, a company\u2019s overall loss may be much greater. For example, a company\u2019s reputation may suffer from a data breach and they may lose customers as result of a BEC event.\u00a0 Also, instead of focusing on their core business, the aftermath of a BEC attack would be expensive and a distraction between business executives, law enforcement, and other victims.\r\n\r\nA typical BEC attack would be launched by email.\u00a0 The emails are either spoofed or compromised by the attackers.\u00a0 For example, an attacker may pretend to be a vendor by requesting invoice or transaction payments such as real estate services.\u00a0 We also often see the fake executive requesting his\/her finance department to execute a wire transfer to a third party. With our recent COVID-19 challenges and more working-from-home employees, we will see more companies and organizations become less centralized and less in-person interaction between staff. This will provide some additional opportunities for the BEC attackers to trick more people.\r\n\r\nOn April 6, 2020, Federal Bureau of Investigation (FBI) issued a warning<\/a> anticipating a rise in BEC schemes related to the COVID-19 Pandemic. \u201cFraudsters will take advantage of any opportunity to steal your money, personal information, or both. \u00a0Right now, they are using the uncertainty surrounding the COVID-19 pandemic to further their efforts.\u201d \u00a0\u00a0According to FBI, there has been an increase in BEC frauds targeting municipalities purchasing personal protective equipment in the fight against COVID-19. Also, most of the recent BEC attacks were targeted at the financial institutions or banks.<\/strong>\r\n\r\nCybersecurity vendors are helping to develop various tools to scan and filter malicious and phishing (spoofed) emails by using all the latest technologies such as big data and machine learning. For example, the threat response teams from Trend Micro are using cloud email reputation services and machine learning to capture the company executive\u2019s writing style to help prevent BEC as part of its overall business cybersecurity software suite.\r\n\r\nAlthough cybersecurity tools are getting better and lots of potential fake or spoofed emails can be filtered, we can\u2019t ignore the human and social engineering approaches which attackers will leverage. In BEC, we often see fake emails that will appear to be sent by a close friend or business associate. For example, a company CFO will get a fake email from his\/her CEO to request a wire money transfer. This is what we refer to as \u201cspear phishing\u201d.\r\n\r\nTo carry out BEC attacks, hackers often utilize an organized team with various roles and responsibilities that include:\r\n\n
\n
\r\n \t
\r\n \t