Servertastic

UK £ US $ Euro

  • Home
    • About Servertastic
    • Servertastic Blog
  • Cyber Security
    • SiteLock Website Security
    • Vulnerability Scanning
  • SSL/TLS Certificates
    • SSL Certificate Comparison Chart
    • Sectigo Certificates
      • PositiveSSL DV
      • PositiveSSL DV Multi-Domain
      • PositiveSSL DV Wildcard
      • PositiveSSL EV
      • PositiveSSL EV Multi-Domain
      • Sectigo DV SSL
      • Sectigo SSL DV Multi-Domain
      • Sectigo DV SSL Wildcard
      • Sectigo OV SSL
      • Sectigo SSL OV Multi-Domain
      • Sectigo OV SSL Wildcard
      • Sectigo EV SSL
      • Sectigo SSL EV Multi-Domain
    • RapidSSL DV
      • RapidSSL Wildcard DV
    • Geotrust Certificates
      • QuickSSL Premium DV
      • True BusinessID EV
      • True BusinessID OV
    • DigiCert Products
      • Secure Site OV
      • Secure Site EV
      • Secure Site Pro OV
      • Secure Site Pro EV
      • Secure Site Wildcard OV
      • Norton Seal
    • Microsoft Exchange certificate
    • EV Certificates
    • Wildcard Certificates
    • DV Certificates
    • Validated Certificates
    • Multi Domain Certificates
      • True BusinessID OV Multi Domain
      • Sectigo SSL EV Multi-Domain
      • Sectigo SSL OV Multi-Domain
      • Sectigo SSL DV Multi-Domain
      • PositiveSSL EV Multi-Domain
      • PositiveSSL DV Multi-Domain
      • QuickSSL Premium DV
      • True BusinessID OV
      • True BusinessID EV
  • SmarterTools
    • SmarterMail
      • SmarterMail Upgrades
      • SmarterMail Maintenance and Support
      • SmarterMail Message Sniffer
      • SmarterMail ActiveSync
      • SmarterMail Exchange Web Services
    • SmarterStats
      • SmarterStats Upgrades
      • SmarterStats Maintenance and Support
    • SmarterTrack
      • SmarterTrack Upgrades
      • SmarterTrack Maintenance and Support
      • SmarterTrack Communicator
  • Account Login
  • Help
    • Read the Docs
    • FAQS
  • Contact
  • LOG OUT

Preventing BEC Attacks

22nd February 2019

BEC attacks

Photo by rawpixel on Unsplash

Business Email Compromise (BEC) attacks have increased by almost 500% over the previous year. They are the most common cyber threat to businesses today, and can result in losses to finances and reputation.

BECs are social engineering attacks made against employees of a business. The criminal attempts to impersonate a contact of the employee, whether that be a higher up in the business or an external supplier. Unlike regular phishing, where a criminal may send out many emails, BEC attacks tend to focus on one employee, who is groomed into trusting the attacker.

Once the victim has been deceived the attacker will request a transaction. The victim will believe it to be legitimate, but in fact the criminal is siphoning the money for themselves. In worse case scenarios the criminal might pull of multiple cons.

BEC attacks are also vectors for malware and ransomware attacks. These can be very damaging to a business.

How Can I Protect My Business From BEC Attacks?

The key to keeping your business secure is to educate your employees on the risks and how to keep safe. Employees should be taught how to spot and evade fraudulent emails. Up to date technology and procedures can also reduce the risks of BEC attacks.

Avoiding Opening Emails From Unknown Parties

The safest way to avoid risk is to not click the email in the first place. Employees should check the address of the sender carefully for any differences that might be a sign of a spoofed address. This could include "l" with "1" or a subtle misspelling that could easily be overlooked.

Check Links

Links in emails can be disguised using anchor text. You can reveal the true destination by hovering over the link. A box next to the cursor or in the bottom corner of the browser will display the real address the link leads to. Investigate these carefully. Fraudulent links may try to mimic a real address.

Avoid Attachments

Attachments are one of the most common methods criminals use to distribute malware. Unknown attachments must never be opened. Even attachments you are expecting should be scanned by up to date anti malware before being accepted.

Use a Company Domain

Using free web-based emails accounts for your business makes it easier for criminals to spoof your addresses. You should create a company domain and use it for your email accounts instead. Criminals may still try to mimic the address, but diligent employees will be able to spot the inconsistencies.

As well as protecting your business, customers are more likely to trust an email if it comes from a branded email address.

Verify Money Transfers

Creating a procedure for money and data transfers can prevent careless losses. Any transfers should be verified with another member of staff through face to face or telephone call, using previously established numbers. You should not rely on any contact methods suggested by the email, especially if they differ from the norm.

Consider What Information Your Are Putting Online

Cyber criminals can use the information you put online to enhance their facades. They use this data to build profiles of employees in preparation for grooming them as part of their phishing attempts. This can include names, addresses, job titles and descriptions.

Posting details about holidays can clue criminals to when key figures will be out of the office. This can present them with the best opportunities to attack. Keep the holiday photos for when you return.

Keeping social media accounts private can prevent criminals from trawling them for data.

Keep Anti-Malware Updated

Using the latest anti-virus and malware technology can catch harmful payloads often distributed by email. Malware is constantly evolving, so it is vital to regularly updated your software to keep up.

Email Authentication

Using email authentication, such as SPF, DKIM, and DMARC, can protect you from email spoofing.

Email authentication gives the sender a way of proving that an email comes from who it claims to be from. Without it, a criminal can more easily pretend to be someone from the company when sending out their fake emails.

Emails that fail the authentication process should end up in the spam folder or outright rejected. With DMARC you can even get reports whenever there has been an attempt at abusing your domain.

Not only does email authentication protect your employees, but it prevents criminals from scamming your customers, as messages that fail validation will be sent to the spam folder or rejected.

Keeping your emails secure takes time and effort, but is a necessary step in ensuring the safety of your business and its customers.

Recommended Services

Take a look at our DMARC management service and let us provide you with insight into the security of your email domain.

Increase the cyber resilience of your staff with our Cyber Security Training platform.

Filed Under: Cyber Crime, Cyber Security Tagged With: BEC, businesses, cyber security, email, Phishing

  • Blog Home
  • Cyber Security Services
  • Contact Us

Recent Posts

  • Test and Trace privacy – your new obligations
  • Data and cyber security risks with the new Track & Trace system
  • Staying safe from fraud – Covid19
  • Is your desk photo giving away important data?
  • Cyber security when working from home – stay safe online

Cyber Security Services

  • Cyber Security
  • Cyber Essentials Certification
  • Cyber Security Awareness Training

Sectigo Products

  • PositiveSSL DV
  • PositiveSSL with EV
  • PositiveSSL DV Wildcard
  • Sectigo DV SSL
  • Sectigo DV SSL Wildcard
  • Sectigo OV SSL
  • Sectigo OV SSL Wildcard
  • Sectigo EV SSL
  • Sectigo SSL DV Multi-Domain
  • PositiveSSL DV Multi-Domain
  • Sectigo SSL OV Multi-Domain
  • PositiveSSL EV Multi-Domain

DigiCert Products

  • DigiCert Features
  • Secure Site OV
  • Secure Site EV
  • Secure Site Pro OV
  • Secure Site Pro EV
  • Secure Site OV Wildcard
  • Secure Site Pro Wildcard OV
  • Norton Seal

Geotrust Products

  • QuickSSL Premium DV
  • QuickSSL Premium Multi Domain
  • QuickSSL Premium Wildcard DV
  • True BusinessID OV
  • True BusinessID OV Multi Domain
  • True BusinessID EV
  • True BusinessID EV Multi Domain
  • True BusinessID OV Wildcard

RapidSSL Products

  • RapidSSL DV
  • RapidSSL Wildcard DV

SmarterTools Products

  • SmarterMail
  • SmarterStats
  • SmarterTrack

Support

  • Knowledge Base Home
  • Current System Status

Resellers

  • Reseller Program
  • Reseller Login
  • Reseller Sign-Up
  • Reseller Terms and Conditions

Social Media

  • Twitter
  • Facebook
  • Medium
  • LinkedIn

Legal

  • Terms and Conditions
  • Refund Policy
  • Privacy Policy
  • Reseller Terms and Conditions
  • VAT On Purchases

Servertastic Limited is registered in England and Wales.
Registered Company Number: 04982077
VAT Number: GB125485804

Hosted by LayerShift

 Mastercard Maestro Visa American Express
Diners Club JCB Discover Paypal
Sectigo Trust Seal
Reviews
Cyber Essentials