BRANDEFENSE BRANDEFENSE
  • Platform
    How It Works?
    Platform Overview
    Cyber Intelligence
    Brand & Reputation Protection
    Exposure Management
    By Use Case
    Preventing Data Leakage
    Phishing Monitoring
    Account Takeover Detection
    Stolen Credit Cards
    Dark Web Monitoring
    Remediation and Takedown
    Q1 | 2023
    Explore the Ransomware Attacks
  • Solutions
    Threat Intelligence Service
    Brand Protection
    Vulnerability Management
    Attack Surface Management
    Fraud Protection
    VIP Security
    Vulnerability Intelligence
  • Resources
    Blog
    Infographics
    Datasheets
    Security News
    Threat Intelligence Researches
    Digital Risk Protection – FAQ
    Cybersecurity Glossary
    Events
  • Partners
    About the Partner Program
    Become a Partner
    Partner Portal
  • Company
    About Us
    Join Us!
    We in the Press
    Privacy Policy
    Terms of Use
    Contact Us
Request a Demo
Login

BRANDEFENSE

  • Platform
    How It Works?
    Platform Overview
    Cyber Intelligence
    Brand & Reputation Protection
    Exposure Management
    By Use Case
    Preventing Data Leakage
    Phishing Monitoring
    Account Takeover Detection
    Stolen Credit Cards
    Dark Web Monitoring
    Remediation and Takedown
    Q1 | 2023
    Explore the Ransomware Attacks
  • Solutions
    Threat Intelligence Service
    Brand Protection
    Vulnerability Management
    Attack Surface Management
    Fraud Protection
    VIP Security
    Vulnerability Intelligence
  • Resources
    Blog
    Infographics
    Datasheets
    Security News
    Threat Intelligence Researches
    Digital Risk Protection – FAQ
    Cybersecurity Glossary
    Events
  • Partners
    About the Partner Program
    Become a Partner
    Partner Portal
  • Company
    About Us
    Join Us!
    We in the Press
    Privacy Policy
    Terms of Use
    Contact Us
What is BEC Attack and How to Prevent against it in 2023?

What is BEC Attack and How to Prevent against it in 2023?

BRANDEFENSE
DRPS
30/03/2023

Last updated on June 9th, 2023 at 02:03 pm

BEC attacks are a type of cyber attack that is carried out with financial motivation. Threat actors, often targeting a business’s finance department or business partners, use fraudulent e-mails to defraud managers or employees to get them paid.

Threat actors, who prefer corporate e-mail addresses or addresses very similar to real accounts, obtained by various methods such as malware or social engineering attacks, start the chain of raids by pretending to be a corporate executive, finance employee, or lawyer.

Table of Contents

  • What Are the Types of BEC Attacks?
    • CEO Fraud
    • Data Theft
    • Impersonating a Lawyer
    • False Invoice Scam
  • How Do BEC Attacks Work?
    • Identifying a Target
    • Obtaining the E-mail Address
    • Payment Request
  • A BEC Attack Example
  • Warning Signs of BEC Attack
    • Instant Money Transfer Requests
    • Presence of Unknown/Unusual Email Accounts
    • Unusual Requests
    • Sudden Password Changes
  • What is the Difference Between BEC Attacks and Phishing Attacks?
  • How to Prevent BEC Attacks
  • Brandefense’s Solutions

What Are the Types of BEC Attacks?

 

CEO Fraud

Threat actors pretending to be the top executive of a business attempt to manipulate the organization’s financial transactions using pretexts such as emergency or confidential transactions to the victim.

In 2016, two major tech firms, Facebook and Google, faced a BEC attack that cost them $121 million. Threat actors set up a fake company called “Quanta Computer” with the same name as an actual hardware supplier. They sent bogus invoices and payment requests to corporate personnel via e-mail addresses that seemed to belong to real company executives. The attackers also forged lawyer letters and contracts to get their banks to accept wire transfers.

 

Data Theft

Attackers sometimes target the HR department and try to obtain critical information such as the victim’s work schedule and phone number. This method is preferred to increase the credibility of BEC attacks.

 

Impersonating a Lawyer

Threat actors gain unauthorized access to a law firm’s e-mail account, forwarding customers an invoice to pay them online or a fake link to obtain personal information.

In 2019, a law firm in New York was exposed to a fraudulent attempt by an attacker posing as a lawyer. The attacker sends an e-mail to the business’s finance department with a fake e-mail address posing as a business’s attorney, stating that an invoice is due in a legal case and that the invoice amount must be paid urgently. Thereupon, the finance department made the payment by fulfilling the request of the fake lawyer, who introduced herself as the business lawyer.

This incident demonstrates how serious a threat can be created by swindling attackers using a false attorney ID. To protect themselves from such attacks, businesses must verify payment requests to their finance department and confirm the attorney’s identity before directly contacting anyone pretending to be the business’s attorney.

 

False Invoice Scam

In this type of attack, the attacker pretends to be a vendor demanding payment for services performed for the company.

How Do BEC Attacks Work?

 

Identifying a Target

For the threat actors to create the attack scenario, they must conduct targeted research. Information about employees’ names, job titles, payment processes, supply chain, and workflow is obtained by scanning open sources such as the corporate website, social media accounts, and media news.

 

Obtaining the E-mail Address

At this stage, threat actors try to capture e-mail addresses they can use with the methods listed below.

  • Phishing Attacks
  • Malware Attacks
  • Using a Similar E-Mail Address

 

Payment Request

Fake e-mails that appear to come from an employee or manager often include an order to make an urgent payment or any financial transaction. Threat actors try to pressure the target by emphasizing the urgency or confidentiality of the payment to avoid detection.

A BEC Attack Example

A BEC attack scenario has been detected recently, which has been observed to affect many organizations.

bec attacks business compromise emails
Figure 1: Beginning of the BEC attack with an e-mail. It looks like a legal mail address.

When we researched the address “CONTACT@saintbonnetdemure.com” that sent the relevant e-mail, it was understood that the e-mail extension belonged to an institution.

However, this e-mail account may contain malware, leak data, etc. It has been observed that it is used to spread phishing e-mails by being captured by threat actors as a result of situations, and it is called a BEC attack (Business E-mail Compromise).

Although the threat actor claiming to have bought account access in the e-mail claimed to have accessed your network in this way, the text content of this fraudulent e-mail that has been distributed for years has not been changed, and only the BTC wallet address under the control of the sending threat actor has been added to the e-mail.

In this sense, it is thought that the relevant e-mail is a spam e-mail connected to the social engineering scenario, and the statements in the content are not real.

Warning Signs of BEC Attack

 

Instant Money Transfer Requests

Attackers demand payment from the victim with definitions such as urgent, confidential, and debt in the fake e-mail messages sent. These requests are often backed by an apparent reason, such as a crisis, and a prompt response is sought.

 

Presence of Unknown/Unusual Email Accounts

E-mail addresses created by threat actors impersonating corporate or individual e-mail accounts may contain spelling and grammatical errors. A sense of urgency is used to avoid noticing these mistakes. For this reason, it is necessary to read the e-mail contents and verify the source carefully.

 

Unusual Requests

Attackers can send a fake email requesting the victim’s company information or employee information.

 

Sudden Password Changes

Attackers can change the password after gaining access to the victim’s account. Additionally, abnormal activity in reports can be a clue to the attack.

What is the Difference Between BEC Attacks and Phishing Attacks?

 

Although BEC attacks look similar to phishing attacks, they are considered different types of attacks.

Phishing attacks are a type of social engineering attack in which attackers try to gather information from a legitimate institution, person, or organization using a false identity. Attackers often aim to obtain victims’ data using email, SMS, or fake websites, such as usernames, passwords, or banking information.

BEC attacks, on the other hand, are generally more sophisticated and require serious preparation for the target. An attempt is made to persuade other employees or suppliers to make payments through a false e-mail address or communication channel by impersonating an employee or senior manager in an institution or organization.

How to Prevent BEC Attacks

 

  • As much as possible, 2FA features should be activated. The implementation of multi-factor identity protection makes it difficult for attackers to access e-mail addresses.
  • The source of the content transmitted with themes such as urgent payment, requesting personal information must be verified.
  • Untrusted e-mails, attachments and links should not be respected, files and applications should be obtained from reliable sources.
  • The probability of success of BEC attacks is directly proportional to the data collected by the attacker about the target. For this reason, it is essential not to share personal information openly.
  • Configuring e-mail solutions (SPF, DKIM, DMARC, and SID) is recommended to prevent sending harmful e-mails from unknown or suspicious sources, phishing (phishing), and spam content.

Brandefense’s Solutions

 

Attackers gather information about their targets before carrying out BEC Attacks. In addition to resources such as social media and news pages, the Dark Web is also frequently used by attackers to gather information.

Compromised third-party applications are accessible to anonymous individuals on various Underground forums. Through such data leaks, critical data such as name, surname, phone number, e-mail, and password of the personnel of the institution may be disclosed.

In addition, the Dark web is the first place cyber threat actors sell the data obtained due to their attacks. It is essential to access the leaked data quickly with properly conducted research to take action promptly.

At this point, Brandefense keeps track of all customer posts on Deep&Dark Web and informs you of critical data that the attacker can use.

Another method used in BEC Attacks was the capture of e-mail addresses belonging to senior executives. With the Brandefense VIP Security module, all information that attackers can access, such as personal information, phone number, and e-mail address leaked to the internet, is determined by searching the VIP person belonging to your institution.

Phishing e-mails forwarded to you and fake websites that appear to belong to a legitimate source are other methods used to snatch e-mail addresses.

With the Phishing Monitoring module, Brandefense can detect applications that may be of interest to your domain and imitate your institution. If deemed necessary, it provides a “Takedown” service and supports the closing of the fake application as soon as possible. In addition, suspicious-looking e-mail addresses, file attachments, and links are analyzed by the Brandefense team so that you can take action.

BEC attacks pose severe risks to businesses of all sizes. These attacks can cause significant financial and reputational losses. However, businesses can significantly reduce the risk of BEC attacks by implementing simple but effective steps such as training staff on social engineering attacks and proper verification procedures.

Organizations must stay alert and up-to-date on the latest security measures to protect themselves against this growing threat. Businesses can protect their finances and ensure the safety of their customers and stakeholders by prioritizing cybersecurity and taking proactive steps to prevent BEC attacks.

Share on Facebook Share on X
Search
Categories
APT GroupsBlogDark WebDRPSFraudRansomwareSector AnalysisSecurity NewsVIP SecurityWe in the PressWeekly Newsletter
Recent Posts
  • The Impact of Machine Learning on Enhancing Threat Detection
    The Impact of Machine Learning on Enhancing Threat Detection
  • The Future of AI in Cybersecurity: Benefits and Risks
    The Future of AI in Cybersecurity: Benefits and Risks
  • Brandefense Shares Bridge Partner Program and Brandefense 2.0 with Its Business Partners
    Brandefense Shares Bridge Partner Program and Brandefense 2.0 with Its Business Partners
  • What is Supply Chain Security?
    What is Supply Chain Security?
Ransomware Trends Report | Q2 2023
Ransomware Attack Trends in the Second Quarter of 2023
Report

Ransomware Attack Trends in the Second Quarter of 2023

Download Report
Follow us!

Continue Reading

Previous post

What Is Smishing and How To Protect Yourself?

what is smishing, sms phishing
brandefense digital risk solution
Next post

The Role of Brandefense in Your Comprehensive Cybersecurity Strategy in 2023

We know what hackers know about you

Our cyber threat intelligence and security research team is ready to help you.
image link

Brandefense is solving SOC’s complex challenges. We are here to help Brandefense customers to protect their brands and reputations against cyber threats.

United States:

300 Delaware Ave. Ste 210 #328 Wilmington, DE 19801 / USA

Republic of Turkey:

Üniversiteler, 1605 Cd. Cyberpark Vakıf Binası Kat: -1 No: B25, 06800 Çankaya/Ankara

© 2022 Brandefense. All rights reserved.

Solutions
Threat IntelligenceBrand ProtectionVulnerability ManagementFraud ProtectionVIP SecurityAttack Surface ManagementVulnerability Intelligence
Use Case
Data LeakagePhishing MonitoringAccount Takeover DetectionStolen Credit CardsDark Web MonitoringRemediation / Takedown
Partners
About the Partner ProgramBecome a Partner
Company
AboutCareerPrivacy PolicyTerms Of UseContact
Close
Search

Hit enter to search or ESC to close

cookie By using this website, you agree to our cookie policy. Close