Vane3alga


Business email compromise (BEC) attacks aren’t new, but they’re growing increasingly effective, according to Zeljka Zorz at Help Net Security. Zorz cites an article from BakerHostetler, in which two attorneys describe how BEC attacks work and why they’re so effective.


The lawyers explain that BEC attacks involve targeted phishing attempts coming from spoofed or compromised email accounts. These phishing emails are much more convincing than generic, untargeted spam because they appear to be coming from someone within or adjacent to the victim organization, such as from the accounting department.

“The email, of course, is not from the accounting department but from a fraudster,” the attorneys write. “Sometimes the bad actor compromised an accounting department employee’s email account to find customers, steal invoices and gain an understanding of the cadence and manner of billing emails. Sometimes the bad actor compromised the customer’s email account for the same purpose and then used an email that looked enough like the vendor’s accounting department email address to trick the customer. But whatever the method of access and communication, the two entities share the same outcome: Money has been paid to bad actors, and it is highly unlikely that it will be recouped, even with law enforcement intervention.”

These attacks will continue to proliferate as security technologies improve, because they exploit human weaknesses rather than technical vulnerabilities. Zorz concludes that employees need to be educated about these attacks in order to defend against them.

“Employees who deal with payments should be taught about the danger presented by these emails, instructed on how to spot red flags, and regularly reminded to always verify all requests to change bank account information by calling a known telephone number for that customer, vendor or business partner (definitely not a phone number included in the email!),” Zorz writes. “Finally, a business might be wise to these tricks, but it costs them nothing to raise awareness and educate customers and business partners by sending an email delineating all this information and good advice.”

New-school security awareness training can enable your employees to thwart attacks that bypass technical defenses.

Help Net Security has the full story


SOURCE: KnowBe4
