In this eye-opening Microsoft Security Insider article, explore the shifting tactics employed by cybercriminals in business email compromise attacks. Read "Shifting tactics fuel surge in business email compromise" to gain valuable insights into cybercriminals' strategies, techniques and motivations. Discover three steps you need to take to fortify defenses and mitigate potential risks. Knowledge is power. Build yours with this 9-minute read. Start now.
What is Business Email Compromise (BEC)?
Business Email Compromise (BEC) refers to a type of cybercrime where attackers use deceptive tactics to manipulate individuals into providing sensitive information or transferring funds. The FBI reported over 21,000 complaints related to BEC, with adjusted losses exceeding $2.7 billion. BEC attacks often target executives, finance managers, and human resources staff, leveraging social engineering to exploit the daily flow of email traffic.
How are cybercriminals evolving their tactics in BEC?
Cybercriminals are increasingly sophisticated in their BEC tactics, using Cybercrime-as-a-Service (CaaS) offerings to obscure their origins. For example, they purchase residential IP addresses so that their sign-ins appear to come from the victim's own locale, which helps them evade detection mechanisms such as 'impossible travel' alerts. Microsoft observed a 38% increase in CaaS targeting business email between 2019 and 2022, indicating a significant shift in how these attacks are executed.
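As an added defender-side example (not code from the Microsoft article), the Python below shows why a velocity-only 'impossible travel' check passes a sign-in from a residential IP in the victim's own city, and pairs it with a complementary signal: a never-before-seen IP whose session immediately performs a risky mailbox action. The sign-in events, IPs and coordinates are constructed; the geolocation and action fields are assumed to come from the sign-in log.

```python
from dataclasses import dataclass
from math import radians, sin, cos, asin, sqrt

@dataclass
class SignIn:
    user: str
    ts: int        # unix seconds
    ip: str
    lat: float     # from an assumed IP-geolocation lookup
    lon: float
    action: str    # first thing the session did, e.g. "read_mail"

MAX_KMH = 900.0   # implied speed above this is treated as "impossible travel"
RISKY_ACTIONS = {"create_inbox_rule", "change_payment_details"}

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two lat/lon points."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def implied_speed_kmh(prev, cur):
    """Speed the user would have needed to travel between two sign-ins."""
    hours = max(cur.ts - prev.ts, 1) / 3600.0
    return haversine_km(prev.lat, prev.lon, cur.lat, cur.lon) / hours

def evaluate(events):
    """Return {ts: [reasons]} for sign-ins that should alert.
    Check 1 is the classic velocity test. Check 2 catches the local
    residential-IP case: an IP never seen for this user whose session
    starts with a risky action. In production, known_ips would be seeded
    from the user's sign-in history rather than built from this batch."""
    alerts, known_ips, prev = {}, set(), None
    for cur in sorted(events, key=lambda e: e.ts):
        reasons = []
        if prev and implied_speed_kmh(prev, cur) > MAX_KMH:
            reasons.append("impossible_travel")
        if cur.ip not in known_ips and cur.action in RISKY_ACTIONS:
            reasons.append("new_ip_risky_action")
        if reasons:
            alerts[cur.ts] = reasons
        known_ips.add(cur.ip)
        prev = cur
    return alerts

# Constructed sample: home sign-in in Chicago, then a local residential IP
# creating an inbox rule one hour later, then Berlin ten minutes after that.
EVENTS = [
    SignIn("alice", 1_700_000_000, "203.0.113.10", 41.88, -87.63, "read_mail"),
    SignIn("alice", 1_700_003_600, "203.0.113.55", 41.90, -87.70, "create_inbox_rule"),
    SignIn("alice", 1_700_004_200, "198.51.100.7", 52.52, 13.40, "read_mail"),
]
```

The second event is only about 6 km from home, so the velocity check stays silent and the new-IP-plus-risky-action rule is what raises it; the third event trips the velocity check alone.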
What steps can organizations take to protect against BEC?
Organizations can adopt several strategies to mitigate the risk of BEC, including implementing strong authentication measures such as multifactor authentication, training employees to recognize suspicious emails, and using secure email solutions with advanced phishing protection. Additionally, establishing clear policies for verifying financial transactions and employing a domain-based message authentication policy (DMARC) can further strengthen defenses against BEC attacks.