Business Email Compromises


Email phishing and business email compromises (also known as BEC or CEO fraud) are among the biggest challenges that organizations are facing in 2018. A phishing email contains one or more malicious URLs or attachments and targets many individuals at the same time. A BEC attack usually targets one highly placed individual and relies on sophisticated social engineering rather than malware.


What are BEC / CEO Impersonation Attacks?

In BEC or CEO fraud, hackers craft emails to impersonate specific senior management executives, vendors, or suppliers to trick the recipients into transferring money or providing sensitive information to the hackers. The attackers first do their research on their targets via LinkedIn and other social media.
The skillful personalization of the email content by attackers serves two purposes. First, it helps the email to pass through spam filters and other checks for undesirable emails. Second, it persuades the victim that the sender is somebody that the victim knows and trusts.
Attackers also time their attacks to coincide with absences or business trips of the purported sender, making it difficult for the recipient to double check that the email is authentic.
For example, a CFO might be convinced that a fake email for an urgent funds transfer was sent personally by the CEO.



Paladion’s Approach to Email Security:

There is no single clean way to handle emails being used for social engineering scams, malware infection, or simply spam. OEMs and email service providers face significant challenges in keeping scammers and spammers at bay. However, there are several best practices that, used together, can be effective in containing the problem; we list them below.


Monitor Your Emails Wisely:

Filtering based on location, subject, sender: There are two basic choices: keep known offenders out (blacklisting); or only let approved senders in (whitelisting). Each choice has its pros and cons.
Detecting bad attachments by hash: Attachment file names can be changed at will, and tell-tale file types can be hidden behind others. The hash of the file content, on the other hand, allows immediate checking against a list of hashes of known hacker tools and malicious applications.
Special focus on spam emails received by VIP or high-risk members: So-called whaling attacks can be harder to detect, as they rely more on social engineering and less on malware. VIP awareness training should also be mandatory.
Correlate email threats with other cases like brute force and failed logins: Remember that attackers can use several attack methods. If you detect a phishing campaign, check other attack surfaces and vulnerabilities that may be threatened at the same time.


Tighten Email Security Configuration:

Implement SPF, DKIM, DMARC: Sender Policy Framework (SPF) restricts emailing to a list of servers allowed to send email for a given domain. DomainKeys Identified Mail (DKIM) is used to verify that emails have not been changed after leaving the originating server. With Domain-based Message Authentication, Reporting and Conformance (DMARC), an enterprise defines a policy for how receivers should apply SPF and DKIM results, together with the reporting of email statistics for conformance.
Open relay prevention: Also called an insecure relay, an open relay is an email server that relays emails from any third party. Spammers can locate such open relays relatively easily and then use them to send large amounts of junk mail (or worse).
Subscribe to TI feeds to filter out emails at the entry point: Threat Intelligence feeds can list compromised domains. Filtering rules based on this information can reduce the number of email attacks, although very recently registered or compromised domains may not yet feature in the latest TI feed.
Subscribe to Advanced Malware Protection modules: Advanced malware protection goes beyond simple signature matching to perform other inspection and analysis, such as checks for malicious dormant and dynamic code that might otherwise be missed.
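To make the SPF and DMARC interplay concrete, here is an added example (not Paladion's code) that evaluates a sending IP against a constructed SPF record and then applies the constructed DMARC policy to the authentication results. It handles only the ip4/ip6/all mechanisms; include, a and mx mechanisms need DNS lookups and are deliberately left out, and the record strings and addresses are constructed sample values.

```python
import ipaddress

# Constructed sample DNS TXT records for a hypothetical domain (not real data).
SPF_RECORD = "v=spf1 ip4:203.0.113.0/24 ip6:2001:db8::/32 -all"
DMARC_RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com; pct=100"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record, sending_ip):
    """Return the SPF result for sending_ip against a record that uses only
    ip4/ip6/all mechanisms. Terms are checked left to right; the first match
    wins. No match and no 'all' term yields 'neutral', as in RFC 7208."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # no usable SPF record published
    ip = ipaddress.ip_address(sending_ip)
    for term in terms[1:]:
        qualifier = "+"                    # default qualifier is 'pass'
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                continue                   # malformed network: skip the term
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"


def parse_dmarc(record):
    """Split a DMARC TXT record into a dict of lower-cased tag -> value."""
    tags = {}
    for part in record.split(";"):
        key, _, value = part.strip().partition("=")
        if key:
            tags[key.strip().lower()] = value.strip()
    return tags


def dmarc_disposition(tags, spf_result, spf_aligned, dkim_aligned_pass):
    """DMARC passes if aligned SPF or aligned DKIM passes; otherwise the
    receiver applies the 'p' policy (none/quarantine/reject)."""
    if (spf_result == "pass" and spf_aligned) or dkim_aligned_pass:
        return "deliver"
    policy = tags.get("p", "none").lower()
    return {"reject": "reject", "quarantine": "quarantine"}.get(policy, "deliver")
```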


Consider Additional Security Controls:

Similar domains registered to look like yours: Machines are excellent at picking out the smallest differences, but human beings are less so. Use awareness training to demonstrate how even a difference of a letter or two in a domain name can indicate hackers at work and a threat of email compromise. (Domain typosquatting is where an attacker registers a domain that looks or sounds similar to yours and uses it to trap victims.) Publish your genuine domain names so that people can recognize them, and initiate take-down services for typosquatted domains that have been proven to cause an attack impacting you or your users.
Social engineering exercise: Everybody needs to do this. Make sure that VIPs and other employees do not fall for fake URLs or malicious attachments, and that all departments follow a strict policy of verifying email requests for fund transfers or for sensitive information via another channel (face to face or by phone, for example).
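The sender-domain filtering mentioned under monitoring and the lookalike-domain problem above can be automated on the receiving side. The following added example (not Paladion's code) classifies a sender address against a constructed list of the organization's own domains, undoing a few common homoglyph substitutions and using edit distance to flag near-misses; the domain list and the substitution table are assumptions, and the heuristic is meant to surface candidates for review, not to block on its own.

```python
# Constructed list of the organization's own domains (hypothetical values).
OWN_DOMAINS = ["paladion.net", "example.com"]

# Substitutions often seen in lookalike domains (heuristic table, not exhaustive).
HOMOGLYPHS = {"0": "o", "1": "l", "rn": "m", "vv": "w"}


def normalize(domain):
    """Lower-case the domain and undo the homoglyph substitutions above."""
    d = domain.lower().strip(".")
    for fake, real in HOMOGLYPHS.items():
        d = d.replace(fake, real)
    return d


def edit_distance(a, b):
    """Levenshtein distance computed with two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address, own_domains=OWN_DOMAINS):
    """Return (verdict, closest_own_domain, distance) for the sender's domain.
    Verdicts: exact, homoglyph, lookalike, unrelated."""
    sender = address.rsplit("@", 1)[-1].lower()
    sd = normalize(sender)
    best = None
    for own in own_domains:
        od = normalize(own)
        if sender == own.lower():
            return ("exact", own, 0)
        if sd == od:
            return ("homoglyph", own, 0)       # e.g. pa1adion.net for paladion.net
        if sd.split(".")[0] == od.split(".")[0]:
            return ("lookalike", own, 0)       # same name under another TLD
        d = edit_distance(sd, od)
        if best is None or d < best[1]:
            best = (own, d)
    own, d = best
    return ("lookalike" if d <= 2 else "unrelated", own, d)
```

A mail gateway rule would route "homoglyph" and "lookalike" verdicts to quarantine or to a reviewer queue, and the same check works on the Reply-To header, which BEC emails often set to a different domain from the visible From address.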



Email attacks can be very lucrative for hackers when they scam top executives or people working directly for them. With so much information available today on social media and elsewhere, hackers can often piece together the data they need to make a business email compromise attack look like an authentic everyday operation to its targets. By applying the practices described above, you will at least be able to significantly reduce the risk of such an attack succeeding on your enterprise or organization.


