Stop Business Email Compromise
Business email compromise is an intelligent email scam designed to deceive employees into wire-transferring payments or revealing confidential information by impersonating an internal employee, a high-level executive or an external business partner.
The challenge
In 2020, BEC cost U.S. organizations more than $1.8 billion, and according to the FBI it has become the largest cause of cybersecurity-related financial losses.
Business email compromise attacks often leverage spear-phishing or credential theft, and because they combine payload-less (e.g., text-only) and payload-based methods, they are difficult for legacy email security systems to detect.
At Cellopoint, we give you insight into BEC risks and provide the state-of-the-art solution to protect your users effectively.
Anatomy of business email compromise attacks
BEC scams can be broadly categorized into two major types: simple impersonation email and account takeover. Both types target not only internal users but also external vendors or customers.
1. BEC: Impersonation email
In the first type of BEC attack, criminals forge a domain name or display name that looks similar to one used by a trusted individual, while the Reply-To address is not associated with the From address but belongs to the attackers. Impersonation-based email attacks can be classified into:
- Executive impersonation: Scammers often impersonate a chief-level executive to pressure an employee into transferring money or data. This is known as CEO fraud or a whaling attack.
- Employee impersonation: An example is a fraudulent request to the HR department asking for a change to an employee's bank account information.
- Vendor impersonation: It often comes with a fake invoice requesting fund transfers to a fraudulent account, and hence is known as invoice/payment fraud.
2. BEC: Account takeover
A sophisticated variant of BEC scams occurs when attackers gain access to a legitimate user’s email account and use this genuine account to send scam emails.
In this type of BEC attack, criminals often set up forwarding rules to track a victim's conversations, learn the victim's internal and external relationships, or find examples of invoices or purchase orders. They can then launch the attack at an appropriate time, making it more authentic and convincing.
This kind of BEC attack is known as account takeover (ATO) or email account compromise (EAC). Account takeover-based email attacks can be classified into:
- Employee account takeover
- Executive account takeover (CEO fraud)
- Vendor account takeover (invoice fraud)
The Cellopoint solution to BEC
With Cellopoint's multi-layered scanning and Artificial Intelligence (AI) techniques, we carefully scrutinize each incoming email, analyzing users' behaviors and relationships internally and externally. By understanding the identities behind the messages, Cellopoint helps fortify your existing defenses, e.g., Microsoft 365, and prevents BEC attacks from reaching your users' inboxes. The Cellopoint BEC Protection solution includes:
- DMARC implementation and reporting: Prevent scammers from spoofing users' domains with lookalike domains or newly registered domains.
- Display name spoofing detection: Scan emails containing forged display names that appear identical to internal email addresses.
- User behavior profiling and relationship graph: Decipher senders' communication patterns and spot impersonated Reply-To addresses and anomalous messages.
- Sender content profiling and email intention detection: Analyze the email content for topic and sentiment, and flag email bodies or subjects containing certain words or phrases, such as "payment", "wire transfer", "urgent" or "request".
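As an added example (not Cellopoint's code), the following Python sketch applies several of the checks described above to one raw message: a known internal display name on an address that is not that user's mailbox, a Reply-To domain that differs from the From domain, a From domain a small edit distance away from the protected domain, and payment or urgency wording in the subject or body. The protected domain, the internal directory and the sample message are constructed assumptions.

```python
import email
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"  # constructed: the protected organisation's domain
INTERNAL_DIRECTORY = {"Alice Chen": "alice.chen@example.com"}  # constructed directory
URGENCY_TERMS = ("payment", "wire transfer", "urgent", "request")

def edit_distance(a, b):  # Levenshtein distance, used to spot lookalike domains
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def bec_indicators(raw):
    """Return the BEC indicators found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    from_dom = domain_of(from_addr)
    hits = []
    # A known internal display name on an address that is not that user's mailbox.
    if name in INTERNAL_DIRECTORY and from_addr.lower() != INTERNAL_DIRECTORY[name]:
        hits.append("display_name_spoof")
    # Reply-To steering replies to a domain other than the From domain.
    if reply_to and domain_of(reply_to) != from_dom:
        hits.append("reply_to_mismatch")
    # From domain that resembles, but is not, the protected domain.
    if from_dom != INTERNAL_DOMAIN and 0 < edit_distance(from_dom, INTERNAL_DOMAIN) <= 2:
        hits.append("lookalike_domain")
    # Payment or urgency language in the subject or body.
    text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()
    if any(term in text for term in URGENCY_TERMS):
        hits.append("urgency_language")
    return hits

# Constructed sample message; not a real incident.
SAMPLE = """\
From: Alice Chen <alice.chen@examp1e.com>
Reply-To: alice.chen@mail-relay.invalid
Subject: Urgent wire transfer request

Please process the attached invoice payment today.
"""
```

Calling bec_indicators(SAMPLE) returns all four indicator names; a message from alice.chen@example.com with no Reply-To and ordinary wording returns an empty list.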