Business Email Compromise, also known as BEC, and Email Account Compromise, also known as EAC, are terms that you’ve no doubt heard a lot about in recent years. The FBI defines BEC and EAC as criminals sending “an email message that appears to come from a known source making a legitimate request.” Some examples include a CEO sending a request to provide gift cards, a vendor requesting a change to an invoice account, or even homebuyers being requested to send their deposit to a new account as requested by someone purporting to be their title company.
To avoid becoming a victim, some best practices include:
Hardening your environment and regularly training your users to become more comfortable at detecting and reporting these types of threats.
Ensuring your employees feel confident in reaching out to your cyber security team to report suspected phishing emails can go a long way in protecting your organization.
We also recommend establishing processes such as enabling MFA, encrypting (confidentiality) or digitally signing (integrity and non‐repudiation) emails.
Creating policies around requiring communications via phone before initiating a change to an invoice or bill payment account can also keep scammers from successfully having unsuspecting victims transferring money to newly established bank accounts.
Security teams can also monitor for lookalike domains (also known as spoofed, fake, cousin, or doppleganger, according to PhishLabs) that contain an MX record which allows for sending mail. This could indicate that scammers are planning to use that lookalike domain to conduct phishing campaigns against your organization or others, and taking them down or at least blocking them before they can be utilized can mitigate these attacks.
Finally, implementing DMARC, which combines DKIM and SPF, can help ensure that the sender is who they say they are.