December 10, 2018
Standing on the top of the mountain is no easy task.
If you are sitting in a comfy “boss” chair, have a fancy nameplate on your desk, get treated like a big deal, then you’re at the gunpoint.
No, it’s not about the snipers on the roof of the building next to you, they are on vacation. The “red dot” of “the gun” is placed on something far more unexplored than the human body.
It is placed on your very own email.
If you don’t feel threatened, then you most definitely didn’t hear anything about Business Email Compromise or just BEC.
BEC is a digital world nightmare for any high-ranking executive of a profit-oriented organization.
It is a sophisticated scam that is directed at the “whales” of the corporate sector – CEOs, or at a person who has direct access to financial operations within the company. That whale is you, and you probably don’t plan to lose all your caviar to some shady Internet hackers.
BEC scheme is super popular.
This kind of cyber-attack has led to 5 billion-dollar losses worldwide and is expected to result in a rise to 9 billion-dollar losses in 2018.
BEC attacks have been reported in 131 countries already, and any enterprise that doesn’t want to join the rank of losers has to be aware of the issue in order to prevent its rapid growth.
Being an expert in your field is one thing, but being an expert in preserving your finances is a different matter.
Business Email Compromise statistics show us that this type of attack doesn’t target any business sector specifically, so anyone can be potentially compromised. This scam can go either way, but it is always oriented on money transactions – both when exploiting your business partners or you and your co-workers.
For example, after guessing or brute forcing the password of a CEO’s email, a hacker builds a phishing strategy, implementing time-proven malware, tricks of social engineering and keyloggers to build his blueprint.
The sensitive information within the compromised email helps build a mind map that identifies the weakest link in your personnel.
Leoni AG, one of Europe’s biggest manufacturers of wires and electrical cables, has announced a loss of €40 million ($44.6 million) following a BEC attack that tricked one of its financial officers into sending money to the wrong bank account.
This particular case targeted a young woman, who received an email spoofed to look like it came from one of the company’s top German executives.
Hackers pick up the words you choose and mimic your writing to become more authentic and believable. With AG Leoni, the hackers waited for 75 days before pulling the trigger. 75 days is more than enough to develop a working strategy that will drain your budget.
After setting up the scheme, the hackers request an immediate money transaction, pressuring your employees to act swiftly. Wire transactions are often urgent, so domain spoofing works perfectly on people who are rushed into some “top secret” operation.
BEC attacks don’t rely on malicious attachments heavily, as they can be identified by antiviruses and spam filters as potential malware. Social engineering is BEC’s preferred weapon, and basic phishing attacks often precede them.
Keyloggers, man-in-the-middle attacks and network sniffers record, capture and intercept sensitive files and other data from the user’s side.
Some business email compromise cases end with a much better finale, as BEC attacks can be cut short with high awareness and advanced security measures. A fraudulent wire transfer of $148.500 stumbled into the basic protection layers and was found out immediately. Want to find out how that was possible?
The first thing that gave out the hacker was a non-existing prior payment history between the companies. His transfer request form also didn’t match the standards, so he was asked to fill the form again, but this time the form was sent to him via a secure email.
Unable to open the letter, the imposter requested to fax the wire instructions, which raised even more suspicions from the bank representatives involved in the operation.
A basic phone call back for authentication showed that it was indeed a fraud. No funds were lost as a result, all thanks to the bank’s internal control.
Two basic logistic steps prevented a hefty loss for the company and exposed the hacker.
The two-factor authentication must become a norm for you too because protecting your account only with a password is not enough.
You’re making life easier for cyber attackers by resisting a more complicated authorization process. This little detail can bail you out, but there are more ingredients to a successful defense of your accounts.
The part that mentioned “secured mail” probably raised some questions in your head. By being unable to decrypt the email, the hacker was brought to the light of the truth. Mail encryption codes the original email in such a way that it becomes unreadable for anyone who shouldn’t be involved.
And what would you think if you found out that the solution that combines both of those precaution measures already exists?
The Business Email Compromise (BEC) prevention solution is called StealthMail. This data protection solution provides you with a Stealth channel of communication and guards you from data breaches and costly financial mistakes.
StealthMail brings you a patented data transferring technique that puts the content of your letters out of the harm’s way by storing it in the secure storage in your own company!
Other solutions fail to do the same with your confidential data, relegating it to third-party servers that have all the control over the encryption keys. People that choose to do that miss the entire point of encryption and risk everything, believing that their data will not be disturbed.
At StealthMail, we think that only you and your clients should have access to the sensitive files and information, to keep everything clean and simple.
Simple Mail Transfer Protocol (SMTP) is your worst enemy when it comes to sending business-related data, as it sends the information as plain text, giving eavesdroppers an opportunity to steal what’s yours. That’s why Stealth Technology is based around a Secure Dynamic Network and Protocol (SDNP).
The BEC blueprinting is impossible with your data traveling through a protected channel in an encrypted form, as it is invisible to email relays and unreliable servers that regular emails travel by.
When getting started with StealthMail, users have to go through a two-way authentication, guaranteeing that only genuine users get a pass.
All times after that, users would still have to verify themselves, flashing digital signatures as a “passport”. The encryption keys are in your full control, so you would have all the power in the sign-up process.
StealthMail email security solution doesn’t require integration, as it is often used as an add-in for Microsoft Outlook. It is also available as a desktop and mobile app, providing you with flexibility when dealing with business correspondence.
StealthMail is everything you want and need for secure business communications.
Protect your organization from Business Email Compromise (BEC) by scheduling a free one-on-one consultation about the solution at StealthMail.com today!