Security Awareness – The Anatomy of BEC Attacks

Author: Alec Davison

Created: Thursday, July 14, 2022 - 19:29

Categories: Cybersecurity

A new report from the cybersecurity firm Cofense examines the tactics and trends of one of the costliest cyber threats for companies both large and small – Business Email Compromise (BEC) scams. Unlike other email-based phishing attacks, which utilize malware and stolen credentials, BEC scams use social engineering over email to trick a company employee into making an unauthorized transfer of funds to the threat actor.

As part of the investigation, Cofense researchers engaged with the scammers by responding to their fraudulent emails to better understand how the attack chain works. Some of the key findings of the report include:

  • Payroll diversion and gift card scams are the most common forms of BEC messages.
  • BEC emails typically use language meant to elicit a sense of urgency or to ingratiate the adversary with the victim.
  • BEC scams are more often than not sent from free webmail services, with Gmail representing the majority.
  • Most BEC threat actors wait for at least the first reply from their victim before making their fraudulent request. In fact, 89 percent of BEC scammers made a fraudulent request after the Cofense researcher’s first response.
  • Victims commonly fall for BEC scams more easily than for other phishing emails because BEC actors exploit relationships that already exist.
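
The findings above can be turned into a simple mail triage check. The following Python sketch is an added example, not code from Cofense or WaterISAC; the organization domain, staff name, webmail list, keyword patterns and sample messages are all constructed assumptions. It scores a whole thread rather than a single message, because the fraudulent request usually arrives only after the first reply.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed local values: organization domain, staff directory, keyword lists.
ORG_DOMAIN = "utility.example"
STAFF_NAMES = {"dana reyes"}                      # constructed name
FREE_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com"}
URGENCY = re.compile(r"\b(urgent|asap|right away|immediately)\b", re.I)
REQUEST = re.compile(r"\b(gift cards?|payroll|direct deposit)\b", re.I)

def indicators(raw: str) -> set[str]:
    """Indicators found in one single-part RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    found = set()
    if domain in FREE_WEBMAIL:
        found.add("free_webmail")
    if display.lower() in STAFF_NAMES and domain != ORG_DOMAIN:
        found.add("staff_name_external_address")
    if URGENCY.search(text):
        found.add("urgency")
    if REQUEST.search(text):
        found.add("payroll_or_gift_card_request")
    return found

def triage_thread(raw_messages: list[str]) -> set[str]:
    """Union indicators across a thread: the request often arrives only
    after the victim's first reply, so one message is not enough."""
    found = set()
    for raw in raw_messages:
        found |= indicators(raw)
    return found

# Constructed sample thread (inbound messages only).
OPENER = ("From: Dana Reyes <dana.reyes.office@gmail.com>\n"
          "Subject: Quick task\n\n"
          "Are you at your desk? I need a favor right away.\n")
FOLLOW_UP = ("From: Dana Reyes <dana.reyes.office@gmail.com>\n"
             "Subject: Re: Quick task\n\n"
             "Please buy five gift cards and send me the codes.\n")

if __name__ == "__main__":
    print(sorted(indicators(OPENER)))
    print(sorted(triage_thread([OPENER, FOLLOW_UP])))
```

The opening message already trips the sender-based indicators even though it contains no request, which is the point at which a warning banner or a callback check is most useful.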

Mitigation practices to defend against this activity include many of the same steps used against any email-based attack. However, two practices are especially important: frequent employee cybersecurity awareness training and clearly defined procedures for authenticating financial requests. Access the full report at Cofense.
