These two business email compromise solutions help mitigate the risk from this growing danger.
Business email compromise is a hot topic as cyberattack threats proliferate in the wake of the global pandemic. Bad actors are putting in overtime to gain valuable data to sell in booming Dark Web markets – and looking for ways to scam overstressed, overscheduled, and overworked executives. Effective business email compromise solutions aren’t hard to find, but they may be hard for executives to swallow.
How does business email compromise work?
Business email compromise is a type of advanced, precisely planned phishing scam that’s played for high stakes. These attacks are all very carefully orchestrated spear-phishing/whaling attacks, and they share three main components.
Cybercriminals choose a target and obtain information about that target that allows them to construct an extremely convincing email persuading the target to take an action, such as paying a fake bill. For example:
- An executive receives an email with an invoice for services from a trusted vendor with a note that the vendor has redone their website and needs the company credit card information updated for payment.
- The executive instructs an assistant to go to the vendor’s new website, update their account information, and pay the bill.
- The cybercriminals collect the payment and make a profit.
Don’t Give Bad Actors Privileged Access to Data and Systems
Cybercriminals don’t just use business email compromise operations to get paid. They also use them to gain access to a company’s data and systems to steal corporate secrets, pilfer records and data, unleash ransomware, spoof emails to use in phishing attacks on clients and business partners, and cause other potentially damaging criminal mayhem.
Access to an executive account is a Golden Ticket for bad actors. Highly placed accounts receive less generic traffic, so the account holder is more likely to read and interact with the email. Many executives regularly communicate with business partners, service providers, or vendors. Executives are also likely to be in a hurry – making them less likely to notice that an email doesn’t quite pass the smell test.
What can companies do to fight back? Every single account is at risk for cybercrime, from the interns to the C Suite. Institute regularly updated security awareness and phishing resistance training for every user at every level, with no exceptions – and no excuses for skipping it. Executives may think they’re too busy to take time out for training now, but they’ll be much busier trying to recover from a devastating cyberattack that results from something like business email compromise.
Take executive-level security awareness training seriously
Most companies give executive accounts a high level of privilege with trusted user or administrator-level access to sensitive systems and data, but the account holders get very little security awareness training. While it may seem like high-powered executives have more important things to do than update their security awareness training, that’s definitely not true – highly privileged executive user accounts represent a bigger danger to the company if they’re compromised.
Boost executive-level phishing resistance training
Phishing has boomed during the global pandemic and is quickly becoming 2020’s most dangerous cybersecurity threat – making phishing resistance and security awareness training essential for users at every level in an organization. Phishing awareness training is essential for increasing awareness of other threat vectors too, because phishing isn’t just an email problem anymore.
Simple Management With BullPhish ID Takes the Pain Out of Arranging Training Around Busy Schedules
BullPhish ID offers complete, plug-and-play phishing resistance training and testing kits that can be quickly deployed to customized groups of users to get everyone up to speed on today’s phishing threats fast. With engaging video content in 8 languages plus simple remote management, BullPhish ID empowers companies to conduct the kind of effective phishing awareness training that really makes a difference, protecting companies from threats like ransomware and business email compromise.