This article from Microsoft Security Insider, 'Shifting tactics fuel surge in business email compromise', examines the evolving techniques cybercriminals use in business email compromise attacks. Understanding these tactics helps you strengthen defenses and mitigate potential risks. It is a 9-minute read.
What is Business Email Compromise (BEC)?
Business Email Compromise (BEC) is a type of cybercrime where attackers use deceptive tactics to manipulate individuals into providing sensitive information or transferring funds. The FBI reported over 21,000 complaints related to BEC, with adjusted losses exceeding $2.7 billion. Attackers often exploit social engineering techniques, targeting executives, finance managers, and human resources staff, to trick victims into acting on fraudulent requests.
How are cybercriminals evolving their tactics?
Cybercriminals are increasingly using sophisticated tactics, such as leveraging residential IP addresses to make their attacks appear local. This helps them bypass 'impossible travel' alerts, the detections that flag logins from unusual locations. Microsoft has noted a 38% increase in Cybercrime-as-a-Service (CaaS) targeting business email from 2019 to 2022, indicating a shift towards more organized and industrial-scale operations.
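The detection gap described above, as an added example that is not from the Microsoft article: a minimal impossible-travel check run over constructed sign-in events, one from a distant network and one from a residential IP close to the user's usual location. The 900 km/h speed threshold, the 50 km jitter floor, and all names, times and coordinates are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0       # assumed threshold: roughly airliner cruising speed
MIN_KM = 50.0         # assumed floor: ignore IP-geolocation jitter

@dataclass
class SignIn:
    user: str
    when: datetime
    lat: float
    lon: float
    note: str

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres."""
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def impossible_travel(events):
    """Return (previous, current, km_per_hour) for sign-in pairs no traveller could make."""
    alerts, last_seen = [], {}
    for ev in sorted(events, key=lambda e: e.when):
        prev = last_seen.get(ev.user)
        if prev is not None:
            km = haversine_km(prev.lat, prev.lon, ev.lat, ev.lon)
            hours = (ev.when - prev.when).total_seconds() / 3600
            kmh = km / hours if hours > 0 else float("inf")
            if km > MIN_KM and kmh > MAX_KMH:
                alerts.append((prev, ev, kmh))
        last_seen[ev.user] = ev
    return alerts

# Constructed sign-in events (not real telemetry).
SAMPLE = [
    SignIn("alice", datetime(2023, 5, 1, 9, 0), 47.61, -122.33, "usual office network"),
    SignIn("alice", datetime(2023, 5, 1, 9, 40), 1.35, 103.82, "distant hosting provider"),
    SignIn("bob", datetime(2023, 5, 1, 9, 0), 41.88, -87.63, "usual office network"),
    SignIn("bob", datetime(2023, 5, 1, 9, 30), 41.75, -88.15, "unfamiliar residential IP, same metro area"),
]

if __name__ == "__main__":
    for prev, cur, kmh in impossible_travel(SAMPLE):
        print(f"ALERT {cur.user}: {prev.note} -> {cur.note} at {kmh:,.0f} km/h")
    flagged = {cur.user for _, cur, _ in impossible_travel(SAMPLE)}
    print("not flagged:", sorted({e.user for e in SAMPLE} - flagged))
```

Only the sign-in for `alice` raises an alert; the one for `bob` from a nearby residential IP passes, so a location-based rule alone does not cover the tactic the article describes.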
What measures can organizations take to protect against BEC?
Organizations can adopt several strategies to protect against BEC, including implementing strong authentication methods like multifactor authentication (MFA), training employees to recognize fraudulent emails, and establishing clear policies for handling financial requests. Additionally, using a secure email solution with advanced phishing protection and adopting a domain-based message authentication policy can significantly enhance security.