Fake Boss Scams on the Rise


Cyber crooks pretend to be CEOs and pressure finance departments into paying fake invoices. Faced with the risk of many kinds of cyberattack, companies find it difficult to secure themselves effectively, especially when it comes to human error. In BEC (Business Email Compromise) attacks, also known as boss scams, cyber crooks impersonate a senior executive in a fake email and ask the accounting and finance departments to make an immediate payment for a fake invoice. Alev Akkoyunlu, Operations Director of Laykon Bilişim, the Turkey distributor of Bitdefender Antivirus, emphasizes that in some BEC attacks fraudsters can earn 62 times more profit than in ransomware attacks, and shares the precautions that companies can take against BEC attacks.

Cybercriminals use numerous methods to obtain company data. In the boss/CEO scam, also known as BEC, fraudsters seek financial gain by sending a fake e-mail to companies, especially to their finance departments. To gain the trust of their victims and obtain an urgent money transfer without confirmation, the cybercriminals present themselves in the email as a senior executive and often claim that the fake invoice is overdue. Laykon IT Operations Director Alev Akkoyunlu underlines that BEC attacks are the most lucrative method for cyber fraudsters, which is why they research the targeted victim and company in depth. Akkoyunlu states that employees should be careful with e-mails sent in the name of the CEO or CFO, and lists the measures that companies can take.

Who are BEC attacks targeting?

While many organizations have been under great threat from BEC attacks recently, large-scale companies with little individual communication between departments are more likely to be targeted. According to Alev Akkoyunlu, large-scale companies often fail to distinguish a fake invoice from a real one because they employ so many subcontractors. Cybercriminals target such companies in the belief that they will approve payment of a single invoice more easily, and in the knowledge that the fraud will take a long time to be discovered.

Fighting BEC attacks is not impossible!

Although it is difficult for companies to take effective cybersecurity measures against BEC attacks, which rely on human error, it is not impossible. There are various cybersecurity measures that companies can take to minimize the risk of being affected by boss fraud. Alev Akkoyunlu states that it is very important for employees to understand the potential impact of such attacks and to be made aware that they are much more critical than a spam attack, which can be considered harmless. Akkoyunlu also conveys the precautions that companies can take in the face of BEC attacks.

Precautions to be Taken Against BEC Attacks

Company employees need to be seen as the most important line of defense against BEC attacks. For this reason, Laykon IT Operations Director Alev Akkoyunlu states that raising employee awareness should be part of every measure taken, and lists the steps that companies can take to guard against BEC attacks.

1. Provide safety training to company employees.

If a company does not already have a security awareness program, educating employees about the types of attack they may encounter, including BEC attacks, is crucial. To better understand your risk from BEC attacks, run training that simulates a BEC attack: it will give you a clear idea of your department's overall preparedness while helping you identify people who may need further training.

2. Inform the accounting and finance department.

Accounting and finance departments are at the forefront of the high-risk group for BEC attacks. For this reason, at-risk departments, especially accounting, need to know what BEC attacks are and what paths cybercriminals follow in them. Policies that block payment of invoices without the specific consent of certain parties can help protect against BEC attacks by adding verification steps that can catch a suspicious invoice or email before it is paid.

3. Build a layered defense system.

After learning about BEC attack scenarios, the next step for companies is to prevent attacks through IT controls such as application-based multi-factor authentication (MFA) and virtual private networks (VPN).

4. Use an enterprise security solution.

It is necessary to use corporate security solutions to combat e-mail fraud, especially BEC. With the Email Security feature in Bitdefender GravityZone, companies can benefit from complete business email protection that goes beyond malware and other traditional threats such as spam, viruses, large-scale phishing attacks and malicious URLs, as well as BEC scams. It also gains the advantage in stopping modern, targeted and sophisticated email threats, including Depending on your organization's risk tolerance, you may want monitoring and detection tools that filter out problem domains or fraudulent email senders. This will prevent automated attacks and even reduce the risk of your employees seeing a dangerous email.
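
The kind of sender check such detection tools perform can be illustrated with a small header heuristic for the scam described above. This is an added example, not code from Bitdefender or Laykon; the executive names, the corporate domain example.com, the term list and the 0.8 similarity threshold are all assumptions.

```python
from difflib import SequenceMatcher
from email import message_from_string, policy
from email.utils import parseaddr

# Hypothetical values: take these from your own directory and mail policy.
EXECUTIVES = {"jane doe", "john smith"}
CORPORATE_DOMAIN = "example.com"
PRESSURE_TERMS = ("invoice", "payment", "wire", "overdue", "urgent", "immediately")

def _domain(header_value) -> str:
    return parseaddr(str(header_value))[1].rpartition("@")[2].lower()

def bec_indicators(raw_message: str) -> list[str]:
    """Return the BEC warning signs found in one RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    display = " ".join(parseaddr(str(msg.get("From", "")))[0].lower().split())
    sender = _domain(msg.get("From", ""))
    findings = []
    # An executive's display name on an address outside the company.
    if display in EXECUTIVES and sender != CORPORATE_DOMAIN:
        findings.append("executive-name-external-domain")
    # Sender domain that is nearly, but not exactly, the corporate one.
    similarity = SequenceMatcher(None, sender, CORPORATE_DOMAIN).ratio()
    if sender != CORPORATE_DOMAIN and similarity >= 0.8:
        findings.append("lookalike-sender-domain")
    # Replies routed to a different domain than the visible sender's.
    reply = _domain(msg.get("Reply-To", ""))
    if reply and reply != sender:
        findings.append("reply-to-domain-mismatch")
    # Payment request combined with urgency, as in the fake overdue invoice.
    body = msg.get_body(preferencelist=("plain",))
    text = f"{msg.get('Subject', '')} {body.get_content() if body else ''}".lower()
    if sum(term in text for term in PRESSURE_TERMS) >= 2:
        findings.append("payment-pressure-language")
    return findings

# Constructed sample messages (not real traffic).
SPOOFED_SAMPLE = """\
From: "Jane Doe" <jane.doe@examp1e.com>
Reply-To: jane.doe.ceo@mailbox.test
Subject: Overdue invoice - urgent payment today

Please wire the payment for the attached invoice immediately.
"""
LEGIT_SAMPLE = """\
From: "Jane Doe" <jane.doe@example.com>
Subject: Team lunch on Friday

See you at noon.
"""
```

A message that returns any indicator is a candidate for the manual payment verification step described under precaution 2, rather than for automatic rejection.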
