Most organizations are aware of the risks of phishing. After all, it is the number one method used by cyber criminals to solicit information for future malicious activity – as reported in our 2017 Global Threat Intelligence Report (GTIR). But there is one type of phishing that is often overlooked, and it is Business Email Compromise (BEC) – otherwise known as CEO fraud.
BEC attacks are a sophisticated form of phishing, targeting specific people in an organization. The most common form is the attacker posing as an organization executive, directing an authorized employee (like a specific person in accounting or finance), to perform a wire transfer to an account controlled by the attacker. The goal of BEC attacks is to steal money by getting it directly from the organization.
What’s worrying is that BEC attacks can affect every organization. They have become so common that law enforcement agencies around the world have issued warnings in the past two years about the potential impact on business. And they are affecting businesses now. In fact, phishing attacks accounted for over 60% of all incident response engagements with NTT Security in 2016 and, as evidenced in our latest GTIR, BEC attacks are the second most common form of phishing attacks.
Furthermore, BEC attacks are typically more financially damaging to companies. The average cost of a ransomware incident is $700 USD, while the average BEC incident involves a loss of about $67,000 USD. To make matters worse, if a BEC attack succeeds and the organization does not address it quickly, the attacker may contact the targeted employee again to ask for additional wire transfers. This could turn a single incident into a series of compromises, seriously damaging the organization’s financial status and reputation. Ultimately, a BEC attack is low risk and high return for attackers. An attacker can acquire millions in stolen funds with relatively little effort.
So what can organizations do to protect themselves? The first step is understanding that security is a business problem – and shouldn’t be left to the security professionals alone.
Protecting against BEC attacks requires enterprises to address the technical tools, but they should also review their supporting processes and corporate culture to ensure employees can determine if a communication is authentic. Here are a few things that everyone can do:
- Avoid posting excessive information to social media about your job responsibilities, the names of your managers, teammates, employees, and so on. An attacker could harvest this information and use it against you or your coworkers to conduct a BEC attack.
- Before fulfilling any sensitive request made by email, look for signs of a BEC attack, such as a copycat (look-alike) sender domain or email content that is out of character for the supposed sender.
- Immediately communicate with security management and coworkers if you detect an attempted BEC attack.
For more information on Business Email Compromise – and the steps that all employees, management and technical staff can take – download our 2017 Global Threat Intelligence Report (GTIR): https://www.nttsecurity.com/GTIR2017