Security Awareness Reminder – Business Email Compromise, a Primer on Impersonation Attacks

Given the Abnormal Security’s Q3 Quarterly BEC Report shows that business email compromise (BEC) has recently grown in interest over the last quarter, and the energy/infrastructure industries have experienced a 93% increase in attacks, now is NOT the time to curtail your security awareness reminders on BEC and other impersonation-based scams. Therefore, Agari’s BEC Attacks: What They Are, How to Spot Them, and What to Do couldn’t come at a better time, especially heading into the holiday season when threat actors are notoriously known for spreading bad cheer!

Agari, the email security leader, provides another concise and timely post on this prevalent threat by highlighting seven common impersonation themes and how can they be stopped. The post discusses payment fraud, payroll diversion, vendor email compromise, gift card scams, aging financial accounts scams, transaction diversion, and advanced payment schemes – themes that some WaterISAC members may be intimately familiar. Given the need for security awareness reminders and reinforcements – especially with the upcoming holiday season – members are encouraged to pass this article along as a reminder to all that “BEC groups are master manipulators who use clever social engineering ploys to throw email recipients off kilter just long enough to respond to an email request before ever thinking to confirm its legitimacy.” Whether you have the best controls in place or not, this post is a great sanity check to confirm your defenses are properly implemented, and it may even spark more ideas to protect your users and organization from falling victim. Read the post at Agari.