CURRENTLY ON AIR ⇒
  • Living the Legacy, Haafizah Rayhaanah Omar
    Tue, 10:05 am - 11:00 am

feedback@radioislam.org.za

Radio Islam Logo


((( Listen Live )))))
Radio Islam Logo


Business Email Compromise (BEC): Driving the Cyber-Crime Pandemic

Jun 04, 2020

 

Faizel Patel – 04/06/2020

(Twitter: @FaizelPatel143)

Picture: CSO Online

Business Email Compromise (BEC) attacks are a sophisticated type of scam, targeting both businesses and individuals, which aim to transfer funds from victims’ bank accounts to criminals.

In its early days, BEC typically began with hacking or spoofing email accounts of CEOs or CFOs of businesses, and then requesting funds transfers to accounts controlled by the criminals.

Over the years, these attacks have grown in sophistication, mostly in the social engineering aspect of the attacks. Rather than targeting the companies directly, attacks now target customers, HR departments, suppliers, related accountants, and law firms, and even tax authorities.

In addition to directly generating or diverting currency transactions, BEC attacks have also been used to fraudulently purchase gift cards, divert tax returns, and even transfer millions of dollars’ worth of hardware and equipment into the control of cybercriminals.

What is behind a BEC attack?     

Let us look at the component parts of a basic BEC attack. An attacker typically constructs an email that impersonates a high-level executive of a company – either by hacking into the organization’s email system, or by designing a legitimate-looking fake – and sends it to an employee, requesting a transfer of money to a bank account under the attackers’ control. This is often done with the excuse of urgency or communication problems preventing the manager from communicating in alternative ways.

The three main ways of impersonation are:

  1. Spoofing the source email address – as the basic SMTP protocol does not provide a sender validation mechanism, attackers can use either dedicated or publicly exposed SMTP servers to send emails with a spoofed sender address.
  2. The attacker sends emails from the authentic email account of the impersonated victim by gaining control of their email account through phishing, credentials theft, or other means.
  3. The attacker sends an email using a look-alike domain, which they register. In this case, the domain differs from the authentic address by a minor detail, such as sending an email from “example.co” rather than “example.com”.

So how can you improve your organization’s resilience to BEC attacks?  Here are our tips:

▪ Protect your email traffic with at least one layer of an advanced email security solution from a known vendor. Niche players and open-source solutions might even cause more damage than good.

▪ Protect mobile and endpoint browsing with advanced cyber security solutions, which prevent browsing to phishing web sites, whether known or unknown

▪ Use two-factor authentication to verify any change to account information or wire instructions.

▪ Continuously educate your end users:  whenever irreversible actions such as money transfers are conducted, details of the transaction must be verified in additional means such as voice communication and must not exclusively rely on information from email correspondence.

▪ Check the full email address on any message and be alert to hyperlinks that may contain misspellings of the actual domain name.

▪ Do not supply login credentials or personal information in response to a text or email.

▪ Follow Security Best Practices

▪ Regularly monitor financial accounts.

▪ Keep all software and systems up to date.

ADVERTISE HERE

Prime Spot!!!

Contact:
advertisingadmin@radioislam.co.za 

Related Articles

Munipalities may be able to generate own electricity

Munipalities may be able to generate own electricity

By Annisa Essack 19:10:2020 In a major shift in South Africa’s electricity landscape, some municipalities will be allowed to procure their own electricity. Municipalities that have settled their power bill with ESKOM will soon be able to generate their own electricity...

read more
Rawdhah Reopened at Prophet’s (Peace be Upon Him) Mosque

Rawdhah Reopened at Prophet’s (Peace be Upon Him) Mosque

The Rawdhah in the Prophet’s (Peace be Upon Him) Mosque in the Holy City of Madinah, was on Sunday opened to worshippers after almost seven months. The Rawdhah had been closed to the public to curb the spread of COVID-19. Although the Prophet’s (Peace be Upon Him)...

read more
High Court grants bail to Senekal violence suspects

High Court grants bail to Senekal violence suspects

By Annisa Essack 19:10:20 The second suspect in the Senekal protest case, Stephen Fourie, has been granted bail in the town's Local Magistrate's Court in the Free State today. Fourie, 33, stood in the dock for the first time today after spending the weekend behind...

read more

Subscribe to our Newsletter

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *