SecureByte Gazette: 

[The Logically Lowdown]

Inside Information from Our Team of Experts

In February, We Stopped 20 BEC Attacks

Business Email Compromise (BEC) attacks are sophisticated scams targeting businesses working with foreign suppliers and businesses that regularly perform wire transfer payments. The aim is often to impersonate a high-level executive (CEO, CFO, etc.) or a business partner to trick employees into transferring money or sensitive information to the attacker's account.

Here's how to prevent BEC attacks:

• Education and Awareness: Train employees about BEC attacks, including how to recognize phishing emails and the importance of verifying email requests for money or sensitive information. Regularly update training to cover the latest tactics used by scammers.
• Verification Procedures: Implement strict procedures for verifying the legitimacy of emails requesting transfers of money or sensitive information. This can include phone verification using known numbers (not those provided in the email) or a two-person approval process for transactions above a certain threshold.
• Email Security Solutions: Use advanced email security solutions that include spam filters, phishing detection, and multi-factor authentication (MFA) to add an extra layer of security. Solutions that use artificial intelligence or machine learning can adapt to new threats over time.
• Segmentation of Duties: Ensure that responsibilities for authorizing payments and accessing financial information are separated. This makes it harder for a single compromised email to lead to an unauthorized transaction.
• Regular Security Updates and Patches: Keep all systems up-to-date with the latest security patches. Attackers often exploit known vulnerabilities in software to gain unauthorized access.
• Secure Email Practices: Encourage the use of secure email practices, such as the use of encryption for sensitive emails and avoiding the use of free, web-based email accounts for business purposes.
• Limit Information Sharing: Be cautious about how much information is shared online or via social media. Attackers often use publicly available information to make their phishing attempts more convincing.
• Incident Response Plan: Have a detailed incident response plan in place that includes procedures for responding to BEC attacks. This should include immediate actions to take if someone suspects they've been targeted or if a scam has been successful.
• Monitor and Audit Transactions: Regularly monitor and audit financial transactions for signs of suspicious activity. Early detection can minimize damage.
• Legal and Financial Safeguards: Work with legal and financial teams to set up contractual safeguards and verification processes with partners and suppliers to reduce the risk of fraudulent transactions.

BEC attacks exploit the human element of security, so a combination of technology, processes, and ongoing education is the best defense against them.

[Need to Know]

Upcoming events, new products, and relevant resources.