Shifting tactics fuel surge in business email compromise

Summary

This article discusses the rising trend of business email compromise (BEC), which has resulted in more than 21,000 complaints and over $2.7 billion in adjusted losses. Microsoft has observed an increase in sophistication and tactics by threat actors specializing in BEC, including the use of residential internet protocol (IP) addresses to make attack campaigns appear locally generated, and the use of platforms like BulletProftLink to create industrial-scale malicious mail campaigns. The FBI has identified a number of BEC targets, such as executives, finance managers, and human resources staff, and has reported losses of over $590 million in 2022. To combat BEC, organizations are encouraged to maximize security settings protecting their inbox, enable strong authentication, and train employees to spot warning signs. Microsoft also recommends using a secure email solution, securing identities to prohibit lateral movement, adopting a secure payment platform, and pausing to use a phone call to verify financial transactions.

Q&As

What is the FBI reporting regarding business email compromise complaints?
The FBI is reporting more than 21,000 complaints with adjusted losses over $2.7 billion.

What tactic is helping criminals monetize Cybercrime-as-a-Service (CaaS)?
Leveraging residential internet protocol (IP) addresses to make attack campaigns appear locally generated is helping criminals monetize Cybercrime-as-a-Service (CaaS).

What type of accounts are typically targeted by BEC attacks?
Top targets for BEC are executives and other senior leaders, finance managers, and human resources staff with access to employee records like Social Security numbers, tax statements, or other PII.

What is the Financial Fraud Kill Chain and what are its potential losses?
The Financial Fraud Kill Chain is an initiative of the FBI’s Recovery Asset Team, initiated in 2022 on 2,838 BEC complaints involving domestic transactions with potential losses of over $590 million.

How can organizations protect themselves from BEC attacks?
Organizations can protect themselves from BEC attacks by maximizing security settings protecting their inbox, enabling notifications for when mail senders are not verified, blocking senders with identities they cannot independently confirm, setting up strong authentication, training employees to spot warning signs, and adopting a domain-based message authentication, reporting, and conformance (DMARC) policy of “reject”.

AI Comments

👍 This article provides an in-depth look at the rise of business email compromise and how we can defend our organizations against it. It also offers great recommendations to increase security settings and strengthen authentication.

👎 This article does not provide any practical solutions for the average user who is not a cybersecurity expert. It also does not address the problem of malicious actors using residential IP addresses to evade detection.

AI Discussion

Me: It's about the surge in business email compromise and how threat actors are leveraging residential IP addresses to evade detection. It also talks about the cost of these attacks and how organizations can defend against them.

Friend: That's concerning. What implications does this have?

Me: It means that businesses need to be even more vigilant in defending against these attacks. They need to maximize their security settings, enable notifications for when mail senders are not verified, and block senders with identities they cannot confirm. They also need to implement strong authentication, train employees to spot warning signs, and use secure email solutions. It's also important to secure identities to prohibit lateral movement, adopt a secure payment platform, and establish policies and expectations reminding employees to contact organizations or individuals directly to verify financial and other requests.

Technical terms

Business Email Compromise (BEC)
A type of cyber attack in which an attacker impersonates a legitimate user or organization to gain access to sensitive information or financial resources.
Cybercrime-as-a-Service (CaaS)
A type of cybercrime in which criminals offer services to other criminals to facilitate cybercrime activities.
Residential Internet Protocol (IP) Address
An IP address assigned to a home or business network that is used to identify and locate devices connected to the internet.
Impossible Travel
A detection used to indicate that a user account might be compromised. These alerts flag physical restrictions that indicate a task is being performed in two locations, without the appropriate amount of time to travel from one location to the other.
Domain-based Message Authentication, Reporting, and Conformance (DMARC)
A security protocol that helps protect against email spoofing by verifying the authenticity of emails sent from a domain.
Zero Trust
A security model that assumes all users and devices are untrusted and requires authentication and authorization for all access.
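
The Impossible Travel detection defined above can be sketched as follows. This is an added example, not code from the original article or from any Microsoft product; the speed ceiling, the distance floor, the field names and the sign-in events (with documentation-range IP addresses) are all assumptions constructed for illustration.

```python
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900  # assumed ceiling: roughly airliner cruising speed
MIN_KM = 100   # assumed floor: ignore geo-IP jitter between nearby places


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def impossible_travel(events, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Flag consecutive sign-ins per user that imply travel faster than max_kmh."""
    alerts, last = [], {}
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        prev = last.get(ev["user"])
        last[ev["user"]] = ev
        if prev is None:
            continue
        km = haversine_km(prev["geo"], ev["geo"])
        if km < min_km:
            continue  # same area: also the case for a nearby residential IP
        delta = datetime.fromisoformat(ev["time"]) - datetime.fromisoformat(prev["time"])
        hours = delta.total_seconds() / 3600
        kmh = km / hours if hours > 0 else float("inf")  # simultaneous sign-ins
        if kmh > max_kmh:
            alerts.append({"user": ev["user"], "km": round(km), "kmh": kmh,
                           "from_ip": prev["ip"], "to_ip": ev["ip"]})
    return alerts


# Constructed sign-in events; geo is the (lat, lon) a geo-IP lookup would return.
SAMPLE = [
    {"user": "alice", "time": "2023-05-01T09:00:00", "ip": "203.0.113.10", "geo": (47.61, -122.33)},
    {"user": "alice", "time": "2023-05-01T10:00:00", "ip": "198.51.100.7", "geo": (51.51, -0.13)},
    {"user": "bob", "time": "2023-05-01T09:00:00", "ip": "203.0.113.20", "geo": (47.61, -122.33)},
    {"user": "bob", "time": "2023-05-01T09:05:00", "ip": "192.0.2.44", "geo": (47.25, -122.44)},
    {"user": "carol", "time": "2023-05-01T08:00:00", "ip": "203.0.113.30", "geo": (40.71, -74.01)},
    {"user": "carol", "time": "2023-05-01T17:00:00", "ip": "198.51.100.9", "geo": (51.51, -0.13)},
]

if __name__ == "__main__":
    for alert in impossible_travel(SAMPLE):
        print(alert)
```

Only the first user is flagged. The second user's sign-in from a different IP address in the same region produces no alert, which is why sign-ins that appear locally generated need additional signals.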
