An ever-evolving and rampant form of cybercrime that targets emails as the potential medium to conduct fraud is known as Business Email Compromise.
Targeting commercial, government as well as non-profit organizations, BEC can lead to huge amounts of data loss, security breach, and compromised financial assets.
It is a common misconception that cyber-criminals usually lay their focus on MNCs and enterprise-level organizations. SMEs these days are just as much a target to email fraud as the larger industry players.
How Can BEC Affect Organizations?
Examples of BEC include sophisticated social engineering attacks like phishing, CEO fraud, fake invoices, and email spoofing, to name a few. It can also be termed an impersonation attack wherein an attacker aims to defraud a company by posing people in authoritarian positions. Impersonating people like the CFO or CEO, a business partner, or anyone you will blindly place your trust in is what drives these attacks’ success.
February of 2021 captured the activities of the Russian cyber gang Cosmic Lynx as they took a sophisticated approach towards BEC. The group had already been linked to conducting over 200 BEC campaigns since July 2019, targeting over 46 countries worldwide, focusing on giant MNCs that have a global presence. With extremely well-written phishing emails, they make it impossible for people to differentiate between real and fake messages.
images from Hacker News