- 7 Tem 2013
- 8,207
- 4
- 686
Bussines Email Compromise
Business email compromise attacks are a form of cybercrime which use email fraud to attack commercial, government, and non-profit organizations to achieve a specific outcome which negatively impacts the target organization. Examples include invoice scams and spear phishing spoof attacks which are designed to gather data for other illegal activities. Consumer privacy breaches often occur as a result of a business email compromise attack.
Types of Business Email Compromises
BEC scams:
BEC Types of Fraud:
CEO Fraud: Here attackers position themselves as the CEO or manager of a company and often send an email to a person in the finance department requesting that funds be transferred to an account controlled by the attacker.
Account Breach: An employee's email account is hacked and used to request payment from vendors. Payments are then sent to fake bank accounts owned by the hacker.
False Billing Scheme: Attackers often target foreign suppliers with this tactic. The fraudster pretends to be a supplier and requests money transfers to fake accounts.
Impersonating a Lawyer: This is an attacker pretending to be a lawyer or a prosecutor. Lower-level workers are often targeted with this type of attack method, without the knowledge to question the validity of the request.
Data Theft: These attacks often target HR employees in an attempt to obtain personal or sensitive information about individuals, such as CEOs and managers within the company. This data can then be used for future attacks such as CEO Fraud.
How It Work
In BEC attacks, the attacker (hacker) behaves like an individual that the buyer should trust, generally we can call it a colleague, boss, or seller. The sender can ask the receiver to make a bank transfer, forward payroll, change bank details for future payments, etc.
For example;
"Hello Ahmet, can you send me the information about the last meeting held for our X company in Paris?
Company X Regional Manager "
Stage 1 - Email List Targeting:
Attackers take steps by creating a targeted mailing list. Common tactics include navigating to various websites to review Linkedin profiles, view job email databases, and even search for contact information.
Stage 2 - Start the Attack
Attackers step up to spread BEC attacks by sending mass emails. It's difficult to identify the malicious intent at this stage, as attackers will use tactics such as spoofing, similar domain names, and fake e-mail names.
Stage 3 - Social Engineering
At this stage, the attackers pretend to be their CEOs or employees. They send e-mails requesting an immediate response
Stage 4 - Financial Profit
If the attackers successfully reach someone in the target company, often a data breach or financial gain is made.
What is Cloud computing?
What Should I Do to Protect Myself?
In cloud computing, organizations are most vulnerable to Business Email Compromise. Employee awareness is a good start, but to learn the habits of a single victim and build networks of money mules in the middle of the technological and logistical infrastructure, a comprehensive technological defense is required.
Business email compromise attacks are a form of cybercrime which use email fraud to attack commercial, government, and non-profit organizations to achieve a specific outcome which negatively impacts the target organization. Examples include invoice scams and spear phishing spoof attacks which are designed to gather data for other illegal activities. Consumer privacy breaches often occur as a result of a business email compromise attack.
Types of Business Email Compromises
BEC scams:
BEC Types of Fraud:
CEO Fraud: Here attackers position themselves as the CEO or manager of a company and often send an email to a person in the finance department requesting that funds be transferred to an account controlled by the attacker.
Account Breach: An employee's email account is hacked and used to request payment from vendors. Payments are then sent to fake bank accounts owned by the hacker.
False Billing Scheme: Attackers often target foreign suppliers with this tactic. The fraudster pretends to be a supplier and requests money transfers to fake accounts.
Impersonating a Lawyer: This is an attacker pretending to be a lawyer or a prosecutor. Lower-level workers are often targeted with this type of attack method, without the knowledge to question the validity of the request.
Data Theft: These attacks often target HR employees in an attempt to obtain personal or sensitive information about individuals, such as CEOs and managers within the company. This data can then be used for future attacks such as CEO Fraud.
How It Work
In BEC attacks, the attacker (hacker) behaves like an individual that the buyer should trust, generally we can call it a colleague, boss, or seller. The sender can ask the receiver to make a bank transfer, forward payroll, change bank details for future payments, etc.
For example;
"Hello Ahmet, can you send me the information about the last meeting held for our X company in Paris?
Company X Regional Manager "
Stage 1 - Email List Targeting:
Attackers take steps by creating a targeted mailing list. Common tactics include navigating to various websites to review Linkedin profiles, view job email databases, and even search for contact information.
Stage 2 - Start the Attack
Attackers step up to spread BEC attacks by sending mass emails. It's difficult to identify the malicious intent at this stage, as attackers will use tactics such as spoofing, similar domain names, and fake e-mail names.
Stage 3 - Social Engineering
At this stage, the attackers pretend to be their CEOs or employees. They send e-mails requesting an immediate response
Stage 4 - Financial Profit
If the attackers successfully reach someone in the target company, often a data breach or financial gain is made.
What is Cloud computing?
What Should I Do to Protect Myself?
In cloud computing, organizations are most vulnerable to Business Email Compromise. Employee awareness is a good start, but to learn the habits of a single victim and build networks of money mules in the middle of the technological and logistical infrastructure, a comprehensive technological defense is required.
Moderatör tarafında düzenlendi:
