How to Protect Your Organization from BEC/EAC

Business Email Compromise, also known as BEC, and Email Account Compromise, also known as EAC, are terms that you’ve no doubt heard a lot about in recent years.


The FBI defines BEC and EAC as criminals sending “an email message that appears to come from a known source making a legitimate request.” Some examples include a CEO sending a request to provide gift cards, a vendor requesting a change to an invoice account, or even homebuyers being asked to send their deposit to a new account by someone purporting to be their title company.


To avoid becoming a victim, some best practices include: 

  • Hardening your environment and regularly training your users to become more comfortable at detecting and reporting these types of threats. 

  • Ensuring your employees feel confident in reaching out to your cyber security team to report suspected phishing emails can go a long way in protecting your organization. 

  • We also recommend establishing processes such as enabling MFA, encrypting (confidentiality) or digitally signing (integrity and non‐repudiation) emails. 

  • Creating policies that require communication via phone before initiating a change to an invoice or bill payment account can also keep scammers from getting unsuspecting victims to transfer money to newly established bank accounts. 

  • Security teams can also monitor for lookalike domains (also known as spoofed, fake, cousin, or doppelganger, according to PhishLabs) that contain an MX record which allows for sending mail. This could indicate that scammers are planning to use that lookalike domain to conduct phishing campaigns against your organization or others, and taking them down or at least blocking them before they can be utilized can mitigate these attacks. 

  • Finally, implementing DMARC, which combines DKIM and SPF, can help ensure that the sender is who they say they are.
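The lookalike-domain monitoring described in the list above can be sketched as follows. This is an added example, not code from the original article: the function names, the `CONFUSABLES` table, the domains, and the MX data are all constructed for illustration, and it assumes the input is a set of registrable domains whose MX records have already been looked up.

```python
import unicodedata

# Illustrative character swaps seen in lookalike names (not exhaustive).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

def skeleton(label):
    """Canonical form of a label so visually similar spellings compare equal."""
    s = unicodedata.normalize("NFKD", label.lower())
    s = "".join(c for c in s if not unicodedata.combining(c))  # strip accents
    for src, dst in CONFUSABLES.items():
        s = s.replace(src, dst)
    return s.replace("-", "")

def edit_distance(a, b):
    """Levenshtein distance using one rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def find_mail_capable_lookalikes(own_domain, observed, max_distance=1):
    """Return observed domains that resemble own_domain and publish MX records.

    observed maps a registrable domain to its MX hosts (empty list = no MX),
    for example the result of a DNS sweep over newly registered domains.
    """
    own_skel = skeleton(own_domain.split(".")[0])
    hits = []
    for domain, mx_hosts in observed.items():
        if domain == own_domain or not mx_hosts:
            continue  # skip our own domain and names with no MX record
        if edit_distance(skeleton(domain.split(".")[0]), own_skel) <= max_distance:
            hits.append(domain)
    return sorted(hits)

# Constructed sample data: none of these are real observations.
OBSERVED = {
    "examplecorp.com": ["mx1.examplecorp.com"],      # our own domain
    "examp1ecorp.com": ["mail.examp1ecorp.com"],     # digit swap, has MX
    "examplecorp.net": ["mx.examplecorp.net"],       # same name, other TLD, has MX
    "example-corp.com": [],                          # similar, but no MX yet
    "exmplecorp.com": ["mx.exmplecorp.com"],         # dropped letter, has MX
    "unrelated-shop.com": ["mx.unrelated-shop.com"], # not similar
}

if __name__ == "__main__":
    for name in find_mail_capable_lookalikes("examplecorp.com", OBSERVED):
        print("review/block candidate:", name, OBSERVED[name])
```

Similar names without an MX record, such as `example-corp.com` in the sample, are worth re-checking on a schedule because a record can be added later.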
