Facts About Business Email Compromise Attacks

In my previous article, I talked about some of the facts that you need to know about phishing activities in a network security environment. In this article, I will look at what you need to know about Business Email Compromise fraud. Follow along as we look at it together.

Let’s delve into phishing, spearphishing, whaling, CEO fraud and Business Email Compromise. Cybercriminals craft legitimate-looking emails that encourage people to take action, such as clicking a link or opening an attachment. At first glance, these emails look like they are from an authentic financial institution, e-commerce site, government agency or any other service or business.

These attacks collect personal, proprietary, and financial information, and can infect your machine with malware and viruses. Often, hackers use domain-spoofing techniques. Their emails masquerade as coming from a sender that you may know, in an effort to get you to supply sensitive information, such as your login credentials, account numbers and credit card numbers, or to make money transfers. Because these emails look as if they legitimately come from sources you trust, it can be hard to tell that they are fake.

Cybercriminals rely on email to launch an attack because it continues to work. These emails are appealing and believable because they look similar to a real request. To be successful, they must trick users. To protect yourself, be suspicious of any communication that directs you to take any action, no matter how official it appears. Remember to pause and look for clues to determine if it is fake. For example, does the bait look “phishy” to you? One example is a high-profile person who received an urgent email saying he must change his password, and, well, he clicked the link in the email.

One thing you need to remember is this: stop and hover over every link before you click! If you take a moment to hover your mouse over the link, you will see the true destination of that link. This is a significant clue to determine if an email is legitimate.

For example, if you get an email that appears to come from your bank saying there is a problem with your account and that you must log in to a website and correct the problem by clicking a link, do not click. Instead, open an up-to-date browser and manually type the web address to see what is happening.

If you receive an email that requests the movement of money, such as payment of an invoice, even if it is from someone you know, we recommend that you use another form of trusted communication to verify that the message is legitimate before taking any action. Also, carefully check the email address. Just because a message shows the name of a person you know or trust does not mean that the email is from that person.

Phishing attacks are sent to a wide audience, whereas spearphishing, whaling, CEO fraud, Business Email Compromise and even vishing are directed towards specific individuals or business roles. Research shows that these attacks are effective 91% of the time.

If an attacker is interested in breaking into a particular organisation, they might use a personally crafted email or a targeted phone call, seemingly from a source internal to that organisation or from a vendor that the organisation does business with and trusts.

Many times, this fake communication appears as a direct message from your boss or one of the executives. If you are suspicious, even if the details appear to be accurate, do not respond.

Hover your mouse over links to check their true destination, and check for spelling and grammar errors. To be safe, never transfer money, divulge sensitive information, or grant special access without first double-checking with an alternate trusted source.

Social engineers are experts at impersonating legitimate sources, manipulating human nature to trigger an emotional response, and enticing you to skip normal security protocols. Don’t fall for it.

When it comes to cybersecurity, knowledge is power, and by implementing the actions you can take, you can avoid common traps. Be cybersecurity safe out there.

In my previous article, I talked about email and other activities of hackers that can affect network security generally. In this article, I want to talk about some of the ways of dealing with email spamming in network security. Follow along as we look at it together.

Now, let’s talk about email. We spend a big part of the day dealing with our inbox. In fact, 300 billion emails are sent across the globe every single day. Email is the number one infection vector for all kinds of malware, including ransomware. A common form of malware transmission is via attachments. If you receive an email with an attachment, and the email is from someone you don’t know, you probably should not open the attachment. 

Let’s back up and talk about how you received this email in the first place. Whether it is classic spam or phishing, someone has your email address and it has been passed around among spammers. While it is difficult to keep your email address completely secret, there are many ways to make it less valuable to spammers. One of the most effective ways is to configure your email client not to download and display images in messages automatically. With spam, the mere act of downloading email images tells the spammer that there is someone looking at that email message.

This always increases the value of your email address as a target. Most email clients that support this setting will still allow you to download the images for legitimate email messages, so that they look well-formatted and are easier to read. Generally, spam does not request an action, and to prevent further messages from the sender, simply mark that email as junk and block the sender.