
Microsoft Reveals Surge in Business Email Compromise (BEC) Attacks

Detecting and Investigating 35 Million BEC Attempts

Microsoft has detected and investigated 35 million Business Email Compromise (BEC) attempts, with an average of 156,000 attempts daily between April 2022 and April 2023. This surge in cybercriminal activity highlights the need for enterprises to enhance their defenses against BEC attacks.

Common Tactics Employed by BEC Operators

BEC operators employ common tactics to lure victims into providing financial information or taking direct action, such as unknowingly sending funds to money mule accounts that help criminals perform fraudulent money transfers. Instead of exploiting vulnerabilities in unpatched devices, BEC operators seek to exploit the daily sea of email traffic and other messages to achieve their goals.

Protecting Against BEC Attacks

To protect against BEC attacks, businesses should leverage cloud apps that utilize AI capabilities to enhance defenses, adding advanced phishing protection and suspicious forwarding detection. Crucially, businesses need to secure identities to prohibit lateral movement by controlling access to apps and data with Zero Trust and automated identity governance.

Financial Fraud Kill Chain (FFKC) and FBI’s Recovery Asset Team (RAT)

In 2022, the FBI’s Recovery Asset Team (RAT) initiated the Financial Fraud Kill Chain (FFKC) on 2,838 BEC complaints involving domestic transactions with potential losses of over $590 million. This highlights the importance of addressing cyber risk in a cross-functional way with IT, compliance, and cyber risk officers at the table alongside business executives and leaders.

Enhancing Defenses and Training Employees

While existing defenses can be enhanced through AI capabilities and phishing protection, enterprises also need to train employees to spot warning signs to prevent BEC attacks. This includes leveraging cloud apps that utilize AI capabilities to enhance defenses, adding advanced phishing protection, and suspicious forwarding detection.

Conclusion

The surge in BEC attacks highlights the need for enterprises to enhance their defenses and train employees to spot warning signs. By leveraging cloud apps that utilize AI capabilities, adding advanced phishing protection, and securing identities with Zero Trust and automated identity governance, businesses can protect against BEC attacks and prevent financial losses.

Published On May 20, 2023 at 09:51 AM IST
