Subject: URGENT – ACTION NEEDED NOW! Stop Business Email Compromise


The boss is demanding action! Should you respond? How can you be sure their email is even real and not a BEC attack?

Rise in impersonation-driven attacks 

While encountering phishing and spam through email feels almost inevitable, attackers have become more sophisticated, relying on familiarity to trick users into action. By pretending to be an executive or high-profile figure, attackers coerce employees into divulging information and, in the worst scenarios, taking unauthorized actions such as transferring funds.

Social media and digital engagement have created inherent trust between connected users that attackers seek to capitalize on. Fake accounts impersonating brands and executives have become more common across social media and across industries in recent years. With the success of these attacks, bad actors have applied similar tactics to other vectors, such as email.

What is Business Email Compromise?

Business Email Compromise (BEC) involves an attacker impersonating a high-profile executive or employee, such as the CEO, to defraud employees, customers and partners into sending money, paying fake invoices or divulging sensitive data. Over a three-year period, BEC attacks accounted for a cumulative $26 billion in global exposed dollar losses. This growing threat targets small companies and large corporations alike and, unfortunately, most existing email security solutions are blind to it.

Sample BEC Attack 

While the name Business Email Compromise may be unfamiliar to you, it’s likely you’ve come across a BEC email before. Here’s a real example of an email I received “from” ZeroFox’s CEO, Foster:

What’s interesting about this email:

  • The sender: The name looks familiar...James Foster is the actual name of ZeroFox’s CEO.
  • The sender email: The email doesn’t match the sender name. “[email protected]” is clearly not Foster’s real email address.
  • Subject: The subject line suggests an action needs to be taken, which is a common tactic used in BEC attacks.
  • Message contents: The body of the message asks for availability NOW - implying a sense of urgency that often drives employees to take actions without having fully evaluated the request. 

How to address BEC threats at scale

As with any digital attack, protecting employees from BEC attacks is a cumbersome task to take on alone. The most effective solution will entail a combination of training and security, including:

  • Employee email security training: Ultimately, BEC attacks are so successful because of human error. With the added element of perceived familiarity and name recognition, employees fall victim. Training employees on the warning signs of business email compromise will help them identify when they’re being targeted. Email addresses outside your organization, mentions of wire transfers, urgency, and questions of availability are often the first signs of a BEC attack.
  • Report instances of BEC and block offending email addresses: If you do see a BEC email enter your inbox, make sure to report it as malicious and block the associated sender email address. Never click a link or download a file in an email that could be malicious!
  • Inbound email monitoring: The best way to protect against BEC attacks is to automate identification and remediation (for instance, in the real BEC example above, the banner warning that was automatically applied). Traditional email security gateway solutions often miss or do not cover BEC use cases. Investing in BEC protection will alleviate manual time spent identifying BEC attacks while also ensuring employees are protected.
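
The warning signs listed above (an executive's display name on an address outside the organization, plus urgency, availability questions or wire-transfer mentions in the subject or body) can be checked automatically on inbound mail. The following is an added example, not ZeroFox's code or part of the original post; the organization domain, executive roster, phrase list and sample messages are constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed assumptions: organization domain, executive roster, phrase list.
ORG_DOMAINS = {"example.com"}
EXECUTIVES = {"james foster"}
PRESSURE = re.compile(
    r"\b(urgent|asap|immediately|right now|action needed|"
    r"are you available|availability|wire transfer)\b", re.IGNORECASE)

def bec_signals(raw_message: str) -> list[str]:
    """Return the BEC warning signs present in one RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    name = " ".join(display.lower().split())  # normalise case and spacing
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""

    signals = []
    external = domain not in ORG_DOMAINS
    if external:
        signals.append("external-sender")
    if external and name in EXECUTIVES:
        signals.append("executive-name-on-external-address")
    if PRESSURE.search(str(msg.get("Subject", ""))):
        signals.append("pressure-in-subject")
    if PRESSURE.search(body):
        signals.append("pressure-in-body")
    return signals

def needs_banner(signals: list[str]) -> bool:
    """Banner when an executive's name arrives from outside the organization."""
    return "executive-name-on-external-address" in signals

# Constructed sample messages (not taken from the post).
SPOOFED = ("From: James Foster <ceo.office@mail.example.net>\n"
           "To: employee@example.com\n"
           "Subject: Urgent request\n\n"
           "Are you available right now? I need a wire transfer sent.\n")
GENUINE = ("From: James Foster <james.foster@example.com>\n"
           "To: employee@example.com\n"
           "Subject: Quarterly notes\n\n"
           "Notes from this morning are attached.\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        found = bec_signals(raw)
        print(label, found, "banner" if needs_banner(found) else "deliver")
```

The display-name check is the one that drives the banner decision here; the phrase matches are recorded as supporting signals because ordinary mail also uses words like "urgent".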

Learn about ZeroFox Advanced Email Protection 

We’re hosting a webinar on February 20 outlining these features and ZeroFox’s entire Advanced Email Protection offering, including BEC Protection and Email Abuse and Phishing Protection. We’ll walk through major use cases and give you a demo within the ZeroFox Platform.
