
Cyber Security – Part 1. An Introduction to Business Email Compromise

Jarrod Ramsay
Director - ICTouch

An ICTouch CyberLeader White Paper on the most lucrative form of Cybercrime: Business Email Compromise (BEC)

In 2020 the ACCC reported that Business Email Compromise (BEC) had become the leading cause of financial loss to scams in Australia, costing a total of $132 million. Given the growing frequency and cost of these attacks, Business Email Compromise represents a very real risk to both Australian and international businesses.

Unfortunately, due to its emerging nature, many organisations do not fully understand the risks and do not have adequate protections in place to mitigate them. This article will help explain the methods of BEC attacks, and the potential actions your business can take to protect itself.

For a full copy of our whitepaper please email cyber.security@ictouch.com.au and we will happily send you a copy.

Introduction to Business Email Compromise Attacks

There are four common methods attackers use to impersonate trusted contacts:

  1. The email ‘sender’ attribute is changed through a variety of methods.
  2. The real first and last name of the impersonation victim are used to register a free email address (such as Hotmail or Gmail).
  3. A fake domain is registered that looks visually similar to the real domain (@mircosoft.com instead of @Microsoft.com, or replacing the letter L with the number 1).
  4. Legitimate credentials are stolen by the attacker through phishing or data breach.
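
Methods 2 and 3 above leave traces in the From: header that can be checked mechanically on inbound mail. The Python below is an added example, not part of the ICTouch white paper; the trusted domains, staff name and free-mail list are constructed sample data, and the one-edit threshold is an assumption.

```python
from email.utils import parseaddr

# Constructed sample data (assumptions for this example, not from the article).
TRUSTED_DOMAINS = {"microsoft.com", "example-supplier.com"}
STAFF_NAMES = {"alex example"}
FREE_MAIL = {"gmail.com", "hotmail.com", "outlook.com"}
# Digits swapped in for look-alike letters: the article's "1 for L",
# plus "0 for o" as an assumed extra of the same kind.
LOOKALIKES = str.maketrans({"1": "l", "0": "o"})


def osa_distance(a, b):
    """Edit distance that counts an adjacent swap ('rc' vs 'cr') as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def impersonation_flags(from_header):
    """Return the impersonation indicators found in one From: header."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    flags = []
    # Method 3: a domain that is not trusted but sits one edit from one that is.
    if domain and domain not in TRUSTED_DOMAINS:
        folded = domain.translate(LOOKALIKES)
        for trusted in sorted(TRUSTED_DOMAINS):
            if folded == trusted or osa_distance(folded, trusted) <= 1:
                flags.append(f"lookalike-domain:{trusted}")
    # Method 2: a staff member's real name on a free webmail address.
    if " ".join(name.lower().split()) in STAFF_NAMES and domain in FREE_MAIL:
        flags.append("staff-name-on-free-mail")
    return flags
```

Mail sent with stolen legitimate credentials (method 4) comes from the real address and produces no flag here.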

5 Common Types of Business Email Compromise attacks

  1. CEO Impersonation – due to their authority, CEOs and other senior staff members are often the targets of impersonation. The attacker will then masquerade as the authority figure and request payments be made, or sensitive data sent to external locations.
  2. Supplier Impersonation – in business-to-business relationships, large financial sums are routinely transferred. If an attacker can successfully impersonate a supplier, they will attempt to have banking details ‘updated’ so the next legitimate payment is diverted to the attacker’s bank account.
  3. Employee Impersonation – A common attack vector as it can be carried out from almost any corporate email account, Employee Impersonation sees the attacker attempt to have a legitimate employee’s bank account details ‘updated’ so their next salary payment is diverted to the attacker’s bank account.
  4. Customer Impersonation – By impersonating a customer in a business-to-business relationship an attacker will fake purchase orders and attempt to have goods delivered to the attacker for resale.
  5. Gift Card Fraud – With increasing regularity attackers will use gift cards to extract value from an organisation. Once impersonation has been achieved the attacker will request the victim purchase them gift cards and email the serial numbers, often with the promise of remuneration through expenses. The gift card serial numbers are then resold on the black market.

For more information on measures your organisation can implement to defend against Business Email Compromise please see Part 2 – Defending Your Business.

Alternatively, if you would like to discuss your organisation's Cyber Security related matters please don’t hesitate to contact us on 08 6324 3300, email cyber.security@ictouch.com.au or pop into our office located at 1/82 Brookman Street, Kalgoorlie.

