Business Email Compromise: Top BEC Tactics & How to Protect Against Them

Hackers create fake email domains that appear legitimate at first glance. They make subtle changes, like a lowercase l instead of a capital L, or gravoc-technology.com instead of gravoc.com. These alterations can be easy to miss and trick recipients into trusting the sender.

Hackers can acquire or steal credentials to compromise an email account. Once they have control of the account, they can monitor and insert themselves into ongoing communications to get the recipients to transfer funds or share information. For instance, hackers may hijack a finance team member’s account to join an email thread and provide updated banking details for an invoice payment.

We see this type of BEC attacks very often in the field. Hackers pretend to be the CEO or another C-level executive within a company and write to employees requesting urgent wire transfers, gift card purchases, or access to sensitive documents.

Very often, hackers use social engineering techniques like creating a sense of urgency or panic to manipulate their targets into responding quickly without verifying the legitimacy of the request.

Many times, hackers may create inbox rules to automatically forward emails to their own accounts or mark them as read, allowing them to mask their presence and perpetuate a BEC attack.

Provide your employees, especially those in BEC-favored targets like finance and HR, with extensive employee security training that focuses on social engineering tactics. Include modules that train your employees to spot social engineering red flags like urgent language, lookalike domains, and mismatched ‘reply to’ addresses.

You should also ensure employees receive adequate communication and documentation around policies for financial transactions, including steps for oversight and approval. This way, they will be better equipped to recognize unusual requests that deviate from approved company processes.

Make sure your email domain is properly configured with SPF, DKIM, and DMARC. These protocols work together to authenticate your email traffic. DMARC, when configured with a “reject” or “quarantine” policy, adds a solid enforcement layer that helps mitigate fraudulent messages from reaching your employees’ inboxes.

Use a solution like KnowBe4 Defend to spot sophisticated BEC attacks that traditional gateways might miss. Leveraging machine learning, natural language processing, and natural language understanding, Defend detects the attacks that get through native security and Secure Email Gateways, including business email compromise.

If an incoming email appears risky, KnowBe4 Defend also includes contextual color-coded HTML warning banners to alert users to the level of risk. The tool comes with many other features to strengthen your business’ security posture.