Spammers are getting smarter every day, and it is becoming harder for end users to tell a spam email from a legitimate one. It often takes an experienced end user or an IT professional to spot the difference.
A recent incident happened at Nikkei Inc, Japan’s largest financial media organization. An employee of the company transferred $29 million to a spammer. “Shortly after the incident, Nikkei America discovered the fraudulent transfer. The company then hired lawyers “to confirm the underlying facts” and filed a damage report with the investigation authorities in the U.S. and Hong Kong.”
How did it happen? “The scam stems from a September incident involving an employee of Nikkei America, the U.S. subsidiary of Nikkei. The employee transferred $29 million to a fraudulent bank account, on instructions from BEC scammers purporting to be a Nikkei management executive.”
These types of attacks are common and are growing rapidly. That’s because BEC organizations continue to get smarter. Recently uncovered groups like Silent Starling, Scattered Canary, London Blue, and Scarlet Widow are shifting their tactics and getting creative to scam millions from businesses.
One of the first protections against Business Email Compromise (BEC) is end-user training. Second “is to enable [two-factor authentication] on accounts. Third, make sure email-forward rules are not set up and if they are, verify with the user to make sure they were intended. Fourth, make sure the Originating address and other headers match the infrastructure that’s known for sending the emails.”
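The fourth check above (originating address and other headers compared with known sending infrastructure) can be sketched as follows. This is an added example, not code from the original post; the domain `example.com`, the network `192.0.2.0/24`, the reliance on an `X-Originating-IP` header and both sample messages are assumptions constructed for illustration.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example.com"                                  # assumed company domain
KNOWN_SENDER_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # assumed mail servers

def domain_of(value):
    """Lower-cased domain of the address in a header value, or ''."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def check_headers(raw):
    """Return findings for headers that do not match the From domain or known senders."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg["From"])
    # Replies and bounces routed to another domain are a common BEC sign.
    for name in ("Reply-To", "Return-Path"):
        if msg[name] and domain_of(msg[name]) != from_dom:
            findings.append(f"{name} domain differs from From domain")
    # Mail claiming our domain should originate from our own infrastructure.
    if from_dom == ORG_DOMAIN:
        origin = (msg["X-Originating-IP"] or "").strip(" []")
        try:
            ip = ipaddress.ip_address(origin)
            if not any(ip in net for net in KNOWN_SENDER_NETS):
                findings.append("originating IP outside known sending infrastructure")
        except ValueError:
            findings.append("originating IP missing or unparseable")
    # The receiving gateway's SPF/DKIM verdicts, if it recorded them.
    auth = (msg["Authentication-Results"] or "").lower()
    for mech in ("spf", "dkim"):
        if f"{mech}=pass" not in auth:
            findings.append(f"{mech} did not pass")
    return findings

# Constructed sample messages (not real mail).
LEGIT = """\
From: "Finance Director" <director@example.com>
Return-Path: <director@example.com>
X-Originating-IP: [192.0.2.25]
Authentication-Results: mx.example.com; spf=pass; dkim=pass header.d=example.com

Quarterly report attached.
"""
SUSPECT = """\
From: "Finance Director" <director@example.com>
Reply-To: director@example-payments.test
Return-Path: <bounce@mailer.test>
X-Originating-IP: [203.0.113.77]
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.test; dkim=none

Please wire the funds today.
"""
```

A message with any findings is a candidate for quarantine or for out-of-band confirmation with the claimed sender before anyone acts on it.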
In addition to end-user training, good network infrastructure with security policies in place will help to avoid BEC.
All businesses, small or big, should have end-user training, because training end users costs far less than having one of them transfer millions of dollars away from the business in just a few minutes.