Understanding Business Email Compromise in 2023

Escalation of BEC Attacks in 2023

Welcome to the 10th edition of the Fraud Risk and Compliance Newsletter. In this edition we will cover Business Email Compromise, or BEC, a type of fraud in which cybercriminals use several tactics, typically delivered by email, to trick employees into making unauthorised payments, disclosing sensitive information, or carrying out other actions harmful to the company.

The term "business email compromise" stems from the fact that these attacks often involve the impersonation of executives or other authorities within a business, and the communication medium is still usually email.

BEC attacks have been a growing concern in the cyber security landscape, especially as businesses have become more reliant on digital communications. In 2023, these attacks have continued to rise, with cybercriminals increasingly exploiting email communications to gain unauthorised access to sensitive company information and cause substantial financial damage.

Let's look into the techniques and understand the modus operandi used by these scammers.


2023's top BEC Attack Techniques

1. Display Name Deception:

[Image: example of a Display Name Deception email. Image source: Tessian]

One of the most subtle yet effective forms of BEC attack is Display Name Deception. With this technique, attackers craft emails that seem to come from trusted sources by manipulating the display name of the sender. At first glance the email appears legitimate, as the display name often matches that of a high-ranking executive, a colleague, or a known vendor.

However, upon closer inspection, the actual email address is either a slight variation of the legitimate one or entirely different. The objective is to capitalize on the recipient's recognition of the display name and prompt immediate action without them verifying the authenticity of the email address itself.

This method is particularly insidious because many email platforms display only the sender's name by default, especially on mobile devices. Therefore, a hurried or unsuspecting recipient might not take the extra step to confirm the sender's actual email address, making them an easy target.

Given its simplicity and effectiveness, Display Name Deception remains a preferred tactic among cybercriminals. It is often coupled with CEO Impersonation or Business Communication Intrusion or even Social Engineering.
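The check a recipient (or a mail gateway) should make is the one the section describes: does the address behind the display name match the person the name claims to be, and does the sending domain imitate a trusted one? The Python below is an added example written for this page, not code from the newsletter, Tessian or NetGuardians. The organisation domain example-bank.com, the directory KNOWN_SENDERS, the sample headers and the edit-distance threshold of 2 are all assumptions made for illustration.

```python
import re
from email.utils import parseaddr

# Constructed reference data for the example (not real organisations):
# the organisation's own mail domains, plus a directory of display names that
# employees are expected to recognise, with the genuine address for each.
ORG_DOMAINS = {"example-bank.com"}
KNOWN_SENDERS = {
    "Jane Doe": "jane.doe@example-bank.com",       # hypothetical CEO
    "Acme Supplies": "billing@acme-supplies.com",  # hypothetical vendor
}
TRUSTED_DOMAINS = ORG_DOMAINS | {a.split("@")[1] for a in KNOWN_SENDERS.values()}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a small value between two domains indicates a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_domain(domain: str, trusted_domains) -> str:
    """Return the trusted domain that `domain` imitates, or '' if it is genuine or unrelated."""
    for trusted in trusted_domains:
        if domain == trusted or domain.endswith("." + trusted):
            return ""  # exact match or a real subdomain of a trusted domain
    for trusted in trusted_domains:
        label = trusted.split(".")[0]  # e.g. 'example-bank'
        # typo-squat / swapped TLD (distance <= 2) or trusted label buried in a longer domain
        if edit_distance(domain, trusted) <= 2 or label in domain:
            return trusted
    return ""


def assess_from_header(from_header: str) -> list:
    """Return a list of findings for one From: header; an empty list means nothing suspicious."""
    findings = []
    display_name, addr = parseaddr(from_header)
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    norm_name = " ".join(display_name.split()).casefold()

    # 1. The display name is one the recipient trusts, but the address behind it differs.
    for known_name, known_addr in KNOWN_SENDERS.items():
        if norm_name == known_name.casefold() and addr != known_addr.lower():
            findings.append(f"display name '{display_name}' is known but the address is {addr}")

    # 2. The display name is itself an e-mail address (mobile clients show only the name).
    m = re.search(r"[\w.+-]+@((?:[\w-]+\.)+[\w-]+)", display_name)
    if m and m.group(1).lower() != domain:
        findings.append(f"display name shows {m.group(0)} but the mail comes from {addr}")

    # 3. The sending domain imitates a trusted one.
    imitated = lookalike_domain(domain, TRUSTED_DOMAINS)
    if imitated:
        findings.append(f"sender domain {domain} resembles trusted domain {imitated}")
    return findings


if __name__ == "__main__":
    # Constructed headers: one genuine, three variants of display name deception.
    for header in [
        '"Jane Doe" <jane.doe@example-bank.com>',
        '"Jane Doe" <ceo.janedoe@gmail.com>',
        '"Jane Doe" <jane.doe@examp1e-bank.com>',
        '"jane.doe@example-bank.com" <x@evil.example>',
    ]:
        print(header, "->", assess_from_header(header) or "ok")
```

A directory lookup like this only works for names the organisation has chosen to protect (executives, finance staff, key vendors); the lookalike check covers the rest. Neither replaces verifying a payment instruction through a channel other than the email that asked for it.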

2. Leveraging Social Engineering:

Social engineering, as seen in previous editions (Top 10 APP Fraud in 2023), exploits human psychology to manipulate individuals into revealing confidential information or taking unintended actions. In BEC attacks it is not about hacking software but about influencing human behaviour.

Some of the key techniques include:

  • Pretexting: Attackers use a false scenario, like posing as IT support, to obtain information.
  • Phishing: Sending deceptive emails to gather personal data.
  • Spear Phishing: Customised phishing targeting specific individuals or organisations.

BEC attackers often research their targets extensively, studying communication styles and habits.

3. CEO Impersonation and Vishing Schemes:

[Image: CEO impersonation email targeting our company]

I am pretty sure that you have already seen CEO impersonation, which involves cybercriminals posing as top executives, often the CEO, to deceive employees into making unauthorised transactions or revealing sensitive information. The example above was sent to my private email using a mix of Display Name Deception and CEO impersonation. In this case, the attacker crafts emails that appear urgent and confidential, leveraging the inherent authority of the CEO's position to induce quick action without verification.

The vishing variant, or voice phishing, takes this trick to the phone and to VoIP lines. Attackers call potential victims, impersonating trusted figures like bank representatives or IT support, to extract personal or financial details. The rise of audio deepfakes will surely make this attack even harder to detect.

Both methods bank on the recipient's respect for authority and the element of surprise.

4. Business Communication Intrusions:

Business Communication Intrusions are a tad more technical and involve cybercriminals gaining unauthorised access to an organisation's official communication channels, such as email systems or collaboration platforms (MS Teams, for example). Once inside, they monitor conversations, gather intelligence, and often intervene at opportune moments.

For instance, during a discussion about an invoice payment, an attacker might interject with a "new" bank account for the transfer, rerouting funds to their own accounts.

Such intrusions are dangerous because they exploit the trust between colleagues and business partners. The communications appear entirely legitimate, making them hard to spot.


Proactive Strategies for banks to prevent BEC

It is not unusual for attackers to use a mix of the techniques seen above, and they will certainly continue to improve their techniques over time. So what can we do to mitigate that risk?

The importance of awareness and education

Awareness campaigns are an important tool, and they can be run by a range of organisations, from government agencies to non-profits and businesses, and of course by the banking industry.

How can banks help prevent BEC scams?

In the ongoing battle against advanced BEC, banks play a central role not only as financial institutions but also as guardians of their customers' trust and security. Key to this is raising customer awareness about the nature of frauds and scams.

However, customer education is only one part of the equation. Banks can also harness the power of artificial intelligence (AI) to fortify their defences against fraud. Implementing AI-driven fraud detection systems like NetGuardians allows banks to proactively monitor and analyse transaction patterns: a payment resulting from a BEC typically appears unusual for the organisation, for example a long-standing vendor suddenly being paid to a never-before-seen account. These systems can alert banks to suspicious transactions in real time, providing the insight needed to identify potential BEC.

Moreover, these advanced systems can assist banks in blocking fraudulent payments before they leave the bank, thereby preventing financial loss. By deploying such technologies, banks provide an extra layer of security, helping to safeguard their customers' assets and maintain their trust.
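The invoice-rerouting scenario from the Business Communication Intrusions section and the transaction-pattern monitoring described just above come down to the same check: does this payment fit what the customer has done before? The Python below is an added example written for this page; it is not the newsletter's material and not NetGuardians' product logic. The customer Contoso Ltd, its vendors and payment history, the factor-of-3 amount threshold and the finding codes are assumptions; the IBANs are the published example numbers for each country, not real accounts.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Payment:
    payer: str     # the bank's customer sending the money
    vendor: str    # beneficiary name as entered on the payment
    iban: str      # beneficiary account
    amount: float


# Constructed payment history for a hypothetical customer (assumption, not real data).
HISTORY = [
    Payment("Contoso Ltd", "Acme Supplies", "CH9300762011623852957", 12000.0),
    Payment("Contoso Ltd", "Acme Supplies", "CH9300762011623852957", 11500.0),
    Payment("Contoso Ltd", "Acme Supplies", "CH9300762011623852957", 12800.0),
    Payment("Contoso Ltd", "Globex Hosting", "DE89370400440532013000", 2400.0),
]
AMOUNT_FACTOR = 3.0  # assumed threshold: flag amounts above 3x the historical maximum


def iban_valid(iban: str) -> bool:
    """ISO 13616 mod-97 check: a mistyped or fabricated IBAN fails it."""
    s = iban.replace(" ", "").upper()
    if not (15 <= len(s) <= 34) or not s.isalnum():
        return False
    digits = "".join(str(int(c, 36)) for c in s[4:] + s[:4])  # letters -> 10..35
    return int(digits) % 97 == 1


def build_profile(history):
    """Per (payer, vendor): accounts and countries paid before, and the largest amount."""
    profile = {}
    for p in history:
        entry = profile.setdefault(
            (p.payer, p.vendor), {"accounts": set(), "countries": set(), "max_amount": 0.0}
        )
        entry["accounts"].add(p.iban)
        entry["countries"].add(p.iban[:2])
        entry["max_amount"] = max(entry["max_amount"], p.amount)
    return profile


def assess_payment(p: Payment, profile) -> list:
    """Return finding codes; an empty list means the payment matches the customer's pattern."""
    findings = []
    if not iban_valid(p.iban):
        findings.append("invalid_iban")
    hist = profile.get((p.payer, p.vendor))
    if hist is None:
        findings.append("new_vendor")
        return findings
    if p.iban not in hist["accounts"]:
        findings.append("new_beneficiary_account")  # the rerouted-invoice case
        if p.iban[:2] not in hist["countries"]:
            findings.append("new_beneficiary_country")
    if p.amount > AMOUNT_FACTOR * hist["max_amount"]:
        findings.append("unusual_amount")
    return findings


HOLD = {"invalid_iban", "new_vendor", "new_beneficiary_account"}


def recommended_action(findings) -> str:
    """Release clean payments; hold account changes until confirmed out of band."""
    if not findings:
        return "release"
    if HOLD & set(findings):
        return "hold_for_callback"  # confirm with the vendor on a number from the master record
    return "review"


if __name__ == "__main__":
    profile = build_profile(HISTORY)
    # Constructed case: the usual vendor, the usual amount, but a "new" account from the email thread.
    rerouted = Payment("Contoso Ltd", "Acme Supplies", "LT121000011101001000", 12400.0)
    findings = assess_payment(rerouted, profile)
    print(findings, "->", recommended_action(findings))
```

The point of the callback is that the confirmation must not use contact details from the same email thread the attacker controls; the vendor master record or a previous invoice is the reference.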

Who is NetGuardians and how can we help with Business Email Compromise?

NetGuardians & BEC

NetGuardians is an award-winning Swiss FinTech helping financial institutions in over 30 countries to fight fraud. More than 80 banks worldwide rely on NetGuardians' smarter artificial intelligence solution to prevent fraudulent payments and various scams, such as Business Email Compromise, in real time.


Don't hesitate to reach out to me if you're interested in learning more about how NetGuardians can benefit your organisation. Always happy to help.





Patrick Gross

Head of Product at Yokoy

1 year

This is concerning, since I feel it's commonly considered to be the easiest to catch/avoid.

Irina STADNIK

Strategic Marketing Manager - Wealth Management

1 year

It feels like I receive at least 10 emails like this every week …
