An ICTouch CyberLeader White Paper on the most lucrative form of Cybercrime: Business Email Compromise (BEC)
In 2020 the ACCC reported that Business Email Compromise (BEC) had become the leading cause of financial loss to scams in Australia, costing a total of $132 million. Given the growing frequency and cost of these attacks, Business Email Compromise represents a very real risk to both Australian and international businesses.
Unfortunately, because the threat is still relatively new to many organisations, they do not fully understand the risk and do not have adequate protections in place to mitigate it. This article explains the methods used in BEC attacks and the actions your business can take to protect itself.
For a full copy of our whitepaper please email email@example.com and we will happily send you a copy.
Introduction to Business Email Compromise Attacks
There are four common methods attackers use to impersonate trusted contacts:
- The visible sender is forged: the display name, the From header or the Reply-To address is set to look like a trusted contact. This is cheap to do because plain SMTP does not verify these fields; only controls such as SPF, DKIM and DMARC on the receiving side can catch it.
- The real first and last name of the person being impersonated are used to register a free email address (such as Hotmail or Gmail), so the display name looks right even though the address is not.
- A lookalike domain is registered that is visually similar to the real one (@mircosoft.com instead of @microsoft.com, or the letter l replaced with the number 1).
- Legitimate credentials are stolen through phishing or a data breach, so the attacker sends from the real mailbox and the headers look entirely genuine.
5 Common Types of Business Email Compromise attacks
- CEO Impersonation – because of their authority, CEOs and other senior staff are frequent targets of impersonation. The attacker masquerades as the authority figure and requests that payments be made, or that sensitive data be sent to an external location.
- Supplier Impersonation – in business-to-business relationships, large sums are routinely transferred. If an attacker can successfully impersonate a supplier, they will attempt to have the supplier's banking details ‘updated’ so the next legitimate payment is diverted to the attacker’s bank account.
- Employee Impersonation – a common vector because any employee can be impersonated, not only executives. The attacker contacts payroll or HR and attempts to have a legitimate employee’s bank account details ‘updated’ so the next salary payment is diverted to the attacker’s bank account.
- Customer Impersonation – by impersonating a customer in a business-to-business relationship, the attacker sends fake purchase orders and attempts to have goods delivered to an address the attacker controls, for resale.
- Gift Card Fraud – with increasing regularity attackers use gift cards to extract value from an organisation. Once impersonation has been achieved, the attacker asks the victim to purchase gift cards and email back the card numbers, often with the promise of reimbursement through expenses. The codes are then resold on the black market.
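The following Python script is an added example and not part of the ICTouch white paper. It shows how the four impersonation methods and the five lure types described above can be checked on an inbound message: sender-side checks for a forged Reply-To, a known staff name on an unknown address, free webmail and lookalike domains (including homoglyph swaps and the transposed letters in mircosoft.com), and content checks for the bank-detail, payroll, purchase-order and gift-card lures. The organisation domain example-corp.com, the supplier acme-supplies.example, the staff directory and the three sample messages are all constructed for the example.

```python
"""Triage an inbound email for the BEC indicators described above.

Added example, not from the ICTouch white paper. The reference data and the
sample messages below are constructed for illustration only.
"""
import re
from email import message_from_string, policy
from email.utils import parseaddr

# --- assumed reference data for a hypothetical organisation ------------------
OUR_DOMAIN = "example-corp.com"
TRUSTED_DOMAINS = {OUR_DOMAIN, "acme-supplies.example"}      # us plus one supplier
FREE_MAIL = {"gmail.com", "hotmail.com", "outlook.com", "yahoo.com", "live.com"}
STAFF_DIRECTORY = {"jane doe": "jane.doe@example-corp.com"}  # the CEO in this example

# Substitutions attackers use to build lookalike domains (method 3 above).
HOMOGLYPH_PAIRS = [("rn", "m"), ("vv", "w")]
HOMOGLYPH_CHARS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

# Lure patterns for the five attack types; these look at the text, not the headers.
LURES = {
    "bank_detail_change": re.compile(
        r"\b(update|updated|change|changed|new)\b[^.\n]{0,40}"
        r"\b(bank|banking|account|payment)\s+details?\b", re.I),
    "gift_card": re.compile(r"\bgift\s*cards?\b", re.I),
    "payroll": re.compile(r"\b(payroll|salary|direct deposit)\b", re.I),
    "purchase_order": re.compile(r"\b(purchase order|delivery address|ship(?:ping)? address)\b", re.I),
    "urgency": re.compile(r"\b(urgent(?:ly)?|asap|immediately|confidential|discreet)\b", re.I),
}


def normalise(domain):
    """Fold common homoglyph substitutions so 'rnicrosoft' compares equal to 'microsoft'."""
    d = domain.lower().translate(HOMOGLYPH_CHARS)
    for fake, real in HOMOGLYPH_PAIRS:
        d = d.replace(fake, real)
    return d


def osa_distance(a, b):
    """Optimal string alignment distance: insert/delete/substitute plus adjacent
    transposition, so 'mircosoft' is 1 away from 'microsoft' rather than 2."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def lookalike_of(domain):
    """Return the trusted domain this one imitates, or None if trusted or unrelated."""
    domain = domain.lower()
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in TRUSTED_DOMAINS:
        if normalise(domain) == normalise(trusted) or osa_distance(domain, trusted) <= 1:
            return trusted
    return None


def triage(raw_message):
    """Return sender findings, lure findings and a simple score for one RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    sender = []
    # Method 1: forged sender attributes. A Reply-To on another domain is a cheap tell.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.rpartition("@")[2].lower() != domain:
        sender.append("reply_to_domain_differs")
    # Method 2: a real staff name on an address the directory does not know, often webmail.
    expected = STAFF_DIRECTORY.get(name.strip().lower())
    if expected and addr.lower() != expected:
        sender.append("known_name_unknown_address")
    if domain in FREE_MAIL:
        sender.append("free_webmail_sender")
    # Method 3: lookalike domain.
    imitated = lookalike_of(domain)
    if imitated:
        sender.append(f"lookalike_of:{imitated}")
    # Method 4 (stolen credentials) leaves the headers clean; only the lure checks can flag it.
    body = msg.get_content() if not msg.is_multipart() else ""
    text = f"{msg.get('Subject', '')}\n{body}"
    lures = [tag for tag, rx in LURES.items() if rx.search(text)]
    return {"sender": sender, "lures": lures, "score": len(sender) + len(lures)}


# Constructed sample messages (not real traffic).
GIFT_CARD_MAIL = """From: Jane Doe <jane.doe@gmail.com>
To: bob@example-corp.com
Subject: Quick favour, confidential

Bob, I am in a meeting all day. Please buy five gift cards for a client and
email me the codes on the back. I will reimburse you through expenses.
"""

SUPPLIER_MAIL = """From: Accounts <accounts@acme-supp1ies.example>
Reply-To: accounts.acme@outlook.com
To: payables@example-corp.com
Subject: Updated remittance information

Please update our bank details before paying the next invoice; the new
account is below.
"""

LEGIT_MAIL = """From: Jane Doe <jane.doe@example-corp.com>
To: bob@example-corp.com
Subject: Board pack

Bob, the draft board pack is in the shared folder. Thanks.
"""

if __name__ == "__main__":
    for label, raw in [("gift card", GIFT_CARD_MAIL), ("supplier", SUPPLIER_MAIL), ("legit", LEGIT_MAIL)]:
        print(label, triage(raw))
```

The score is deliberately crude: in practice the sender checks would sit behind SPF/DKIM/DMARC results from the mail gateway, and the lure checks are a prompt for a second-channel verification (a phone call to a known number) rather than a verdict. Note that the stolen-credential case produces no sender findings at all, which is exactly why payment-change requests need verification regardless of how genuine the email looks.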
For more information on measures your organisation can implement to defend against Business Email Compromise please see Part 2 – Defending Your Business.
Alternatively, if you would like to discuss your organisation's cyber security matters, please don’t hesitate to contact us on 08 6324 3300, email firstname.lastname@example.org or pop into our office located at 1/82 Brookman Street, Kalgoorlie.