Skip to content

How to Prevent Business Email Compromise Attack: 3 Tips

65%. That’s the percentage of organizations that faced a business email compromise (BEC) attack in 2020, according to Proofpoint. These attacks target people, usually CEOs, CFOs or people in human resources, finance departments. BEC attacks are successful because they design emails that are deceptively similar to legit emails. You are against a growing serious problem, but you still can prevent BEC attacks from succeeding. In this article, we’ll discuss how to prevent business email compromise attacks with our 3 tips.

What is Business Email Compromise Attack?

A business email compromise is a sophisticated phishing scam that compromises legitimate business email accounts. These attacks typically use social engineering techniques to obtain users’ confidence. In a BEC attack, intruders impersonate a high-level executive, suppliers or a business partner to trick the recipient into transferring money to a fraudulent account.

Since BEC attack emails don’t include malicious attachments, they can’t be detected via traditional email content scanning techniques. Unfortunately, BEC attacks have become the top cause of payment fraud attempts, leaving other methods like stolen credit cards behind.

How to Prevent Business Email Compromise?

In 2019, the Internet Crime Complaint Center recorded over 23000 complaints about business email compromise, which resulted in more than $1.7 billion in losses. Follow the 3 tips we share below to avoid BEC headaches.

1. Look out for suspicious emails from senior management

Fictitious email messages can be very difficult for employees to detect. As a staff, what you can do is that you have to check and seek confirmation from relevant people in your organization to verify the identity of the sender. Also, pay attention to email subjects or headers to see if there are anomalies and suspect content. Should you detect any indication of a potential BEC attempt, don’t respond to such email.

2. Recognise an impersonation attack

An impersonation attack typically involves an email that looks to come from a trusted party. In the first place, work with a zero-trust mindset when it comes to external outreach. There are a number of tell-tale signs you have to look out for to detect an impersonation attack.

  • Attackers use urgent tone and language to add pressure, so employees are more likely to take action without analysing the situation. How often does your CEO require access to your network because he is locked out? You got the point. In case the message looks suspicious, always reach out to the sender to verify the message’s validity.

  • Attackers put emphasis on confidentiality or privacy. They do this because an attacker wants to prevent you from discussing the message with colleagues. Employees understand how important confidentiality is for companies these days, so this tactic is highly successful.

3. Configure email systems with anti-spam and spoofing measures

Organizations can make it difficult for fake emails to be sent from organization’s domains by configuring effective anti-spoofing controls.

The first framework is Sender Policy Framework or SPF. It allows the organization to publish IP addresses that have to be trusted for its domain. An SPF record is a DNS TXT record that contains a list of the IP addresses that are allowed to send an email on behalf of your domain. 

The second framework is Domain Keys Identified Mail or DKIM. It is a form of email authentication that allows an organization to claim responsibility for a message in a way that can be validated by the beneficiary. Having emails that are signed with DKIM seem more legitimate to your recipients and are less probable to go to junk and spam folders. Be informed that DKIM is an optional security protocol, and it isn’t a universally implemented framework.

The third framework is Domain-based Message Authentication, Reporting and Conformance or DMARC. It leverages the existing email authentication techniques such as SPF and DKIM which means at least one of these frameworks has to be in place for the email domain. The key benefit of DMARC is security, that it doesn’t allow unauthorized use of an organization email domain to protect its employees from spam, fraud, and phishing.

Final thoughts on how to prevent business email compromise attacks

Business email compromise attacks highly rely on complex phishing, social engineering and impersonation techniques. Attackers also exploit the human element of trust to deliver the attack, making these attacks hard to trace. We outlined 3 best practices to prevent business email compromise attacks, so you can reduce the perceived risk of a likely BEC attack. Keep an eye on our weekly blog posts and cybersecurity trends, and remain ahead of the competition.