Business Email Compromise (BEC) Attacks

Business email compromise (BEC) is a type of cyber security attack by a bad actor aimed at extracting valued assets from a company.

Impersonating the identity of a company employee or trusted party, a fraudster deceives the email recipient into replying with information, money, or access codes to corporate assets.

Examples of BEC

In a typical BEC attack, a cybercriminal posing as a company executive sends email to another employee with a specific and well-thought-out request, such as the transfer of funds to the criminal’s bank, or a return email containing employee and customer data that can be further exploited.

When the criminal poses as the top officer, a BEC is called a CEO fraud attack. If the attacker is attempting to get employee income information, the activity is called a W-2 attack. Of course, the request is never for the stated purpose and, if successful, the company is defrauded.

A BEC attack’s success is dependent on significant knowledge of the company and a few important employees. Often these attacks are timed when staff are overly preoccupied with work. They are often worded in a way to ensure that the request does not seem unusual or suspicious.

Why it matters

Without validating the email sender’s identity, the victim may be fooled into following the BEC message’s directions — and playing directly into the attacker’s hands. The theft typically includes:

  • Access — passwords for future malicious activity
  • Information — valued data such as personally identifiable information (PII) or W-2s to be used for identity theft
  • Money — funds belonging to the target entity

However, if the targeted company has adopted DMARC-based email authentication, this eliminates the ability for would-be BEC attackers to use the company’s own domain name in their messages. With DMARC set to full enforcement, this same-domain name attack will never succeed, as unauthorized users cannot send email in your name.

Email Authentication

Email authentication addresses a significant flaw in current digital communications – the inability for an email recipient to verify a sender’s identity. This flaw has led to unprecedented levels of phishing attacks which account for 90 percent of corporate cybersecurity breaches.

Email authentication allows email receivers to verify a sender’s identity. It’s based on the application of three widely accepted open Internet standards (SPF, DKIM, and DMARC) and corresponding instructions on how to use them.

With email authentication, a company can enable only senders it explicitly authorizes, and block everyone else who attempts to send digital communications on its behalf—malicious actors and unsanctioned but legitimate cloud service providers.

By successfully implementing email authentication, a company can ensure that anyone who receives an email from their domain name can validate the sender’s legitimacy. Furthermore, it tells an email recipient what to do with non-authenticating messages: discard, move to spam, or deliver normally.
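The receiver-side decision described above, as an added example that is not part of the original article: a minimal DMARC policy evaluator that parses the domain owner's record, checks SPF/DKIM identifier alignment against the visible From domain, and maps the published policy to discard, spam, or normal delivery. It assumes the record is supplied inline rather than fetched from DNS, that the caller passes the SPF- and DKIM-authenticated domains (or None on failure), and approximates the organizational domain by the last two labels instead of consulting the Public Suffix List.

```python
"""Minimal DMARC policy evaluation, written as an illustration of RFC 7489 logic.

Simplifications (assumptions, not the real receiver implementation):
- the DMARC TXT record is given inline instead of looked up in DNS;
- the organizational domain is the last two labels (real receivers use the PSL);
- SPF/DKIM results arrive as the authenticated domain, or None when the check failed.
"""


def parse_dmarc(record: str) -> dict:
    """Turn 'v=DMARC1; p=reject; adkim=s' into a tag dict with RFC defaults."""
    tags = {"p": "none", "adkim": "r", "aspf": "r"}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def org_domain(domain: str) -> str:
    """Approximate organizational domain: last two labels (simplification)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, header_from: str, mode: str) -> bool:
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r') the same org domain."""
    if not auth_domain:
        return False  # the underlying SPF or DKIM check did not pass
    if mode == "s":
        return auth_domain.lower() == header_from.lower()
    return org_domain(auth_domain) == org_domain(header_from)


def dmarc_disposition(record: str, header_from: str, spf_domain, dkim_domain) -> str:
    """Return 'pass' if at least one aligned check passed, else the action the policy requests.

    p=none delivers normally, p=quarantine moves to spam, p=reject discards.
    """
    tags = parse_dmarc(record)
    if aligned(spf_domain, header_from, tags["aspf"]) or aligned(dkim_domain, header_from, tags["adkim"]):
        return "pass"
    # Unknown policy values are treated as 'none' here (simplification).
    return {"none": "deliver", "quarantine": "spam", "reject": "discard"}.get(tags["p"], "deliver")


if __name__ == "__main__":
    # Constructed case: a message claiming to be From example.com with no aligned
    # SPF or DKIM result, against a domain at full enforcement.
    print(dmarc_disposition("v=DMARC1; p=reject", "example.com", None, None))
```

The last call is the same-domain BEC scenario the text describes: with p=reject, an unauthenticated message using the company's own domain is discarded rather than reaching the employee.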

A 360-Degree View

Email authentication provides complete visibility and control over who sends an email using your domain name. The importance of this has grown dramatically with the rapid increase in cloud service providers, over 10,000 of which send emails on customers’ behalf.

Furthermore, email authentication reports show how many emails were properly authenticated, as well as email activity from impostors and from cloud service providers that may be legitimate but not authorized.

Email Authentication Has Wide Support

Virtually every major email service provider has implemented email authentication. That includes 100 percent of major providers such as Gmail, Microsoft, and Yahoo!/AOL, as well as a large and growing number of companies across the globe. In all, 76 percent of mailboxes worldwide, or 4.6 billion, are protected by email authentication.

Automating Email Authentication

When implemented properly, email authentication provides global visibility into your email ecosystem. But it requires careful application of internet standards, intimate knowledge of email communications, constant report monitoring, and frequent implementation updates in response to industry events.

Thus, successfully implementing email authentication requires a fully automated approach that eliminates the need for complex in-house deployments, interpreting complicated reports, and frequent changes to the application of Internet standards.