
The 10 Stages of a Business Email Compromise Attack

We at Computer Systems Plus believe it is imperative to educate our clients on how to tell emails that are actual phish from ones that are not. As an IT service provider, we understand that, beyond maintaining a stable and secure IT environment, it is important not only to identify phish but also to understand the mindset of the attackers and the steps they usually take to create a phishing email.

Approximately 41% of IT professionals report daily phishing attacks. Fifty-five percent of organizations report that senior managers have been impersonated in spear-phishing attacks. Accounting and finance are the departments most frequently targeted in phishing attacks.

Business Email Compromise (BEC) targets specific individuals within an organization. Emails impersonating a specific sender or trusted source, usually a senior executive, are sent in an attempt to convince an innocent victim to take certain actions, such as sending money to the crook’s bank accounts.

Business Email Compromise Attacks

BEC attacks are usually harder to spot than other phishing emails because they often use spoofed (look-alike) email addresses to fool people into replying or clicking. While they can play out in a number of different ways, here’s a common BEC approach:

STEP 1: RESEARCH

Cyber crooks start by hunting for weaknesses or opportunities they can exploit.

STEP 2: IDENTIFY A TARGET

Based on their research, the crooks decide what angle they’re going to try to exploit, and which organization they are going to target.

STEP 3: BUILD A PERSONA

Through a web search, the crooks can identify board members in the target organization.

STEP 4: IDENTIFY A VICTIM

Next, they look for an innocent person at the target organization who the crooks want to trick.

STEP 5: SPOOF THE EMAIL ADDRESS

The attack starts with an email that appears to come from the senior leader. The crooks first spear-phish the executive to get their credentials, then log in as them to send their email.

STEP 6: PERSONALIZE THE EMAIL

The crooks put all their research and persona-building work to good use, crafting an email that appears to come from the senior leader. They add personalization (“Dear Helen”), reference specific events (“yesterday’s press release”), and request a money transfer.

STEP 7: ISOLATE THE VICTIM

Isolation is a popular technique to put pressure on the victim and stop them from checking with others. Common phrases include “confidential – don’t share,” “I’m only trusting you,” or “highly sensitive.”

STEP 8: AVOID FOLLOW UP

The crooks don’t want the victim checking in with the senior leader, so they discourage this by making the leader seem unavailable, for example by saying they’re out of the office.

STEP 9: PROVIDE BANK DETAILS

The bank account is one of the crooks’ largest expenses, so they will only share it after they’ve hooked the victim through their spoofed emails.

STEP 10: MONEY TRANSFER

The money is transferred. The loss is noticed only after a large amount of money is gone.
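As an added example (not part of the original post), the following Python script turns the indicators from steps 5, 7, 8 and 9 into a simple defender-side check run over a constructed sample message; the executive name, the domains and the phrase lists are assumptions for illustration, not values from this post.

```python
from email.utils import parseaddr

# Phrases drawn from steps 7, 8 and 9 above; extend the lists for your own environment.
ISOLATION = ["confidential", "don't share", "only trusting you", "highly sensitive"]
UNAVAILABLE = ["out of the office", "can't take calls", "in meetings all day"]
PAYMENT = ["wire", "bank account", "transfer", "account number", "routing number"]

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch domains one or two characters off the real one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def score_bec(from_header: str, body: str, trusted_domain: str, executives: set) -> list:
    """Return the BEC indicators present in one message; an empty list means none were found."""
    findings = []
    display, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower()
    if domain != trusted_domain.lower():
        # Step 5: an executive's name on a message sent from outside the company's own domain.
        if display.strip().lower() in {e.lower() for e in executives}:
            findings.append("executive display name on an external sender address")
        # Step 5: a look-alike domain such as cornpany.com standing in for company.com.
        if 0 < edit_distance(domain, trusted_domain.lower()) <= 2:
            findings.append(f"look-alike sender domain {domain!r}")
    text = body.lower().replace("\u2019", "'")  # normalise curly apostrophes
    if any(p in text for p in ISOLATION):
        findings.append("isolation language (step 7)")
    if any(p in text for p in UNAVAILABLE):
        findings.append("sender claims to be unavailable (step 8)")
    if any(p in text for p in PAYMENT):
        findings.append("payment or bank-detail request (step 9)")
    return findings

# Constructed sample in the shape the stages above describe (not a real message).
SAMPLE_FROM = "Jane Doe <jane.doe@cornpany.com>"
SAMPLE_BODY = (
    "Dear Helen, following yesterday's press release I need a transfer done today. "
    "This is highly sensitive - don't share with anyone. I'm out of the office and "
    "can't take calls; I'll send the bank account details once you confirm."
)

if __name__ == "__main__":
    for finding in score_bec(SAMPLE_FROM, SAMPLE_BODY, "company.com", {"Jane Doe"}):
        print("-", finding)
```

When the executive's real mailbox has been compromised, as step 5 describes, the sender checks do not fire and only the content checks remain, which is why confirming a payment request by phone or in person matters more than any filter.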

Conclusion

Even though our clients have a strong IT security system through our partner Sophos, it is still vital for them to be educated on how to avoid any phishing mishaps. If you have any questions and would like more information on phishing, or if your business is in need of an IT service provider, please contact us at outreach@compsysplus.com; we would be glad to assist you!