Cybersecurity continues to be one of the most important aspects of a company’s IT policy. Today’s hacker relies on a wide range of tools and tactics to exploit information and funds from unprepared users. Emails are often the chosen channel for a cyber-attack. IT services providers in San Diego have found that Business Email Compromise (BEC) is one of the most sophisticated forms of email attacks. To prevent this, you must first understand how it works.
How a BEC Attack Works
A BEC involves several different methods and many potential variations. It is similar to email phishing and social engineering but is far more deliberate and organized. The hacker identifies an initial target at the company. This first target is usually someone high up in the company, such as the CEO. The hacker studies all the information they can find online about this person. It’s incredible how much can be learned from social medial, LinkedIn, blogs, and other websites.
The next step of a BEC is to attack the email environment of the company. Many methods have been used to find the password of the CEO or initial target. These include brute force, keyloggers, and social engineering. Should this be successful, the hacker can then send an email to one of the employees using the CEO’s actual account. Sometimes they rely on domain spoofing, which can be very difficult to detect. The hackers find a victim in the company and launch the scam using a legitimate-looking email.
Preventing BEC
BEC attacks take time, planning, and patience from the hacker. They are often very successful in achieving the intended outcome of a wire transfer or some other disclosure of confidential business information. IT services providers in San Diego have found that even employees with security training can often fall for these attacks because the hacker does not impersonate an account but sends the email from a legitimate account.
There are several ways to prevent a BEC attack in your company. Here are some important ones, which we can help you implement:
- Proactive monitoring of email accounts
- Analyzing activity and logins over the network using pattern recognition
- Limiting access to certain parts of the network
- Data loss prevention systems
- Additional payment verification to send an alert of all wire transfers before they go through
Excedeo is a leader in providing high-quality IT services in San Diego. For cybersecurity training and to review your IT security measures and policy, we are ready to assist. Get in touch with us to upgrade your business IT security.