Business Email Compromise Prevention Best Practices
As the chilling breeze of October descends upon us, marking both Halloween and Cybersecurity Awareness Month, we find ourselves on the dark and eerie Email Street. Here, BEC attacks, likened to the malevolent Freddy Krueger, lurk in the shadows, waiting to strike when you least expect it. With each cunning trick, they attempt to pull you deeper into the nightmare, leading to potential data breaches, financial loss, and tarnished reputations.
But fear not! Our Digital Forensics and Incident Response experts are here to guide you through this nightmare, helping you arm yourself against Freddy's digital doppelgangers.
Understanding the BEC Nightmare
BEC is like Freddy's many disguises. From the notorious “CEO Fraud,” to the deceiving “phishing,” and the precise “spearphishing,” BEC is Freddy's tool of choice to haunt your daily business operations. These dream stalkers won't stop at merely tricking you; they seek to use your email environment to haunt others or perform Automated Clearing House (ACH) fraud. Just as Freddy pulled his victims into a dream world, cybercriminals aim to pull you into their web of deceit using malicious links and attachments.
The BEC specter, much like Krueger, might wear the face of someone you trust—an executive or a colleague. They might lure you into their dream trap with typosquatting or using fraudulent domains that look eerily genuine. Once they ensnare you, they might drop a malicious payload, inviting other nightmares into your sanctuary. Before you know it, your entire organization could be pulled into Freddy's world.
Use these tips to stay out of the ever-expanding nightmare that is the threat of BEC attacks:
Combatting Freddy's BEC Nightmares:
1. Fortifying the Dream Realm: Strengthen Authentication
One of the first lines of defense against BEC attacks is implementing multi-factor authentication (MFA) for email accounts. MFA adds an additional layer of security, making it more challenging for attackers to gain access to email accounts even if they have managed to obtain login credentials from a user.
2. Training to be Dream Warriors: Security Awareness
Knowledge is power, and in the realm of cybersecurity, education is your best defense. Ensure your employees receive regular training on recognizing phishing attempts and BEC scams. Create a company culture that encourages employees to report suspicious emails promptly. Training on what to look for is beneficial, but sending simulated phishing emails to employees in a controlled environment, through a third-party company or internal IT staff, also allows for in-depth reporting on which employees reported the phishing email, which ignored it, and which fell victim to it.
3. Reading the Dream Signs: Email Authentication
Leverage email authentication protocols such as SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) to verify the authenticity of incoming emails. These protocols help prevent email spoofing and domain impersonation.
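The check these protocols enable, as an added example that is not part of the original post: a receiving server records SPF and DKIM outcomes in the Authentication-Results header, and DMARC only counts a pass when the authenticated domain aligns with the domain the recipient sees in From:. The header values below are constructed, and the organizational-domain logic is a simplification of the real Public Suffix List lookup.

```python
# Added example, not from the original post: evaluate the SPF/DKIM results a
# receiving server recorded in Authentication-Results and check that the
# authenticated domain aligns with the visible From: domain, as DMARC requires.
import re
from email import message_from_string

def org_domain(domain: str) -> str:
    """Approximate organizational domain as the last two labels (simplification:
    real DMARC uses the Public Suffix List, so co.uk-style domains differ)."""
    labels = domain.lower().strip(".").split(".")
    return ".".join(labels[-2:])

def parse_auth_results(value: str) -> dict:
    """Map 'spf'/'dkim' to (result, authenticated domain) from an
    Authentication-Results header value; a missing method maps to None."""
    out = {"spf": None, "dkim": None}
    for clause in value.split(";")[1:]:        # clause 0 is the authserv-id
        m = re.match(r"(spf|dkim)=(\w+)", clause.strip())
        if not m:
            continue
        dom = re.search(r"(?:smtp\.mailfrom|header\.d)=(?:[^@\s]*@)?([\w.-]+)", clause)
        out[m.group(1)] = (m.group(2), dom.group(1) if dom else "")
    return out

def dmarc_verdict(raw_message: str) -> str:
    """'pass' when SPF or DKIM passed for a domain aligned (relaxed mode) with
    the From: domain; 'fail' otherwise, including when headers are missing."""
    msg = message_from_string(raw_message)
    m = re.search(r"@([\w.-]+)", msg.get("From", ""))
    if not m:
        return "fail"
    from_org = org_domain(m.group(1))
    results = parse_auth_results(msg.get("Authentication-Results", ""))
    for method in ("spf", "dkim"):
        entry = results[method]
        if entry and entry[0] == "pass" and org_domain(entry[1]) == from_org:
            return "pass"
    return "fail"

# Constructed sample: a spoofed From: whose SPF/DKIM pass only for the sender's own domain
SPOOFED = (
    "From: CEO <ceo@example.com>\r\n"
    "Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=bulk-sender.test;"
    " dkim=pass header.d=bulk-sender.test\r\n"
    "Subject: Urgent wire transfer\r\n\r\nPlease pay the attached invoice today.\r\n"
)
GENUINE = SPOOFED.replace("bulk-sender.test", "example.com")

if __name__ == "__main__":
    print("spoofed:", dmarc_verdict(SPOOFED), "| genuine:", dmarc_verdict(GENUINE))
```

The spoofed message passes SPF and DKIM for the attacker's infrastructure yet fails DMARC, which is why publishing an enforcing DMARC policy matters more than SPF or DKIM alone.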
4. Dream Catchers: Email Filtering and Anti-Phishing Tools
Implement advanced email filtering solutions that can detect and block phishing attempts and malicious attachments. These tools can scan incoming emails for suspicious content, links, and sender behavior.
5. Whispering Safely: Encrypted Communication
As darkness favors secrecy, ensure that sensitive communications, especially those involving financial transactions or privileged information, are encrypted. Secure email gateways and end-to-end encryption tools can cloak your messages from prying eyes.
Facing Freddy Head-On: Preventing Phishing Nightmares:
1. Dream Clues: Suspicious Link Verification
Before clicking on any links in emails, hover your mouse over them to preview the URL. This simple act can reveal if the link's destination matches the purported one. If it doesn't, steer clear.
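The same comparison a hover performs, automated over an HTML email as an added example that is not part of the original post: extract every link, compare the domain shown in the link text with the domain the href actually points to, and flag mismatches. The sample email and its look-alike domain are constructed.

```python
# Added example, not from the original post: flag links in an HTML email whose
# visible text shows one domain while the href resolves to another, which is
# exactly the mismatch hovering reveals. The sample email is constructed.
import re
from html.parser import HTMLParser
from urllib.parse import urlparse
DOMAIN_RE = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

def host_of(url: str) -> str:
    """Real hostname behind an href, lowercased; empty for mailto:/relative links."""
    return (urlparse(url.strip()).hostname or "").lower()

def displayed_host(text: str) -> str:
    """Domain the reader sees in the link text, or '' if the text is not URL-like."""
    m = DOMAIN_RE.search(text.strip())
    return m.group(1).lower() if m else ""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the document."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def mismatched_links(html: str) -> list:
    """Return (href, text) pairs where the shown domain is not the real one
    (a subdomain of the shown domain, e.g. www., is accepted)."""
    p = LinkCollector()
    p.feed(html)
    flagged = []
    for href, text in p.links:
        shown, real = displayed_host(text), host_of(href)
        if shown and real and shown != real and not real.endswith("." + shown):
            flagged.append((href, text))
    return flagged

# Constructed sample: a look-alike domain (capital I for l) behind a genuine-looking URL
SAMPLE_EMAIL = """<p>Please review the invoice at
<a href="https://portal.exampIe-login.test/x">https://portal.example.com/invoice</a>
or <a href="https://docs.example.com/help">docs.example.com</a>.
<a href="https://other.test/u">Click here</a> for help.</p>"""
```

Links whose text is not URL-like ("Click here") are deliberately not flagged here, since there is no displayed domain to compare; those still need the hover check.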
2. Guarding Against the Nightmare's Tools: Attachment Caution
Tread carefully when dealing with email attachments, especially from unfamiliar sources. Scan attachments for malware before opening them and confirm their legitimacy with the sender if in doubt. Policies limiting the types of attachments that can be received via email can be useful if they do not disrupt business operations. If possible, discourage or block the receipt of archive attachments and executable files. However, this is no silver bullet, as attackers can use code contained within ordinary office documents, such as .docx and .xlsb files, to open that ever-looming backdoor.
3. Closing Old Dream Portals: Limit Authentication Methods
“Legacy protocols” are, as their name suggests, older methods of authenticating to and accessing email. These protocols are not compatible with multi-factor authentication and can therefore be used by a bad actor to bypass MFA. Additionally, they can be leveraged by a bad actor to automatically sync a mailbox in its entirety to the criminal’s system. When possible, ensure these protocols are disabled.
4. Studying Freddy's Patterns: Stay Informed
Keep up to date with the latest phishing techniques and trends. Cybersecurity professionals often share information about emerging threats that can help you recognize new phishing tactics. Like all aspects of cybersecurity, phishing tactics change often, and sometimes older tactics reemerge.
5. Summoning Help: Report Suspicious Activity
If you encounter a suspicious email, report it to your organization's IT or cybersecurity team. Quick action can prevent a potential compromise and protect others from falling victim to the same scheme.
As the winds of October carry the whispers of cybersecurity threats, remember that knowledge and preparedness are your strongest charms against the dark forces of Business Email Compromise and phishing emails. By implementing the best practices and technologies outlined in this guide, you can assist in defending your organization from the horrors of the nightmares that lurk on Email Street. Stay vigilant, stay secure, and may your dreams be free of cyber nightmares.
Check out IronGate’s Digital Forensics and Incident Response capabilities:
Joseph Marra is Director, Digital Forensics and Incident Response. He brings over 10 years of experience in the cybersecurity industry with a key focus on ransomware investigations, business email compromise, advanced persistent threat intrusions, and insider threat investigations.