Business Email Compromise Attacks on the Rise

A business email compromise (BEC) occurs when a criminal gains control of a business email account and is able to send and receive emails as its owner. Often a hacker will gain access to a business email account and simply observe email traffic for weeks, looking for an opportunity. A common form of BEC attack is to change or spoof an invoice from a known client or vendor. The criminal may take an existing invoice and change the wire transfer details, so the money goes to them instead of the trusted vendor. The Wisconsin Republican party was just hit by an attack very similar to this and paid a criminal $2.3 million. They thought they were paying a trusted vendor, but the invoice had been altered, and the money went to a criminal.

In addition to common BEC attacks, we are also seeing an increase in criminals targeting group email boxes. Hackers are targeting these shared email accounts because there is a higher likelihood that someone will act on the request or open the attachment. Also, if the request is forwarded around within the company, it gains credibility. A recent study shows an increase in BEC attacks, up 155% in Q3 2020. Part of the increase is the new attack vector of targeting group email boxes.

Employee education is the key to preventing these kinds of attacks, especially in Finance and HR departments, as they are normally targeted first. If your team uses group email boxes, educate them on this new attack vector. Criminals are taking advantage of the fact that many industries are working remotely and employees are not as likely to walk across the office to double-check an invoice. Employees should be encouraged to confirm requests for money through a separate channel, especially if the request is out of the ordinary.

Most email clients offer two-factor authentication, but this feature is not always turned on by default. With the increase in BEC attacks we saw over the summer, and now criminals targeting group email boxes, the threat is not slowing down. Two-factor authentication is a good first step in defending your business email against increased interest from hackers.

Quanexus IT Support Services for Dayton and Cincinnati



Posted by Charles Wright