A business email compromise (BEC) attack is a form of deception in which outside attackers target a company's email system. By compromising or convincingly impersonating a business email account, BEC attackers can obtain sensitive data and carry out a range of further attacks. These attacks are also often called "man-in-the-email" attacks.

Business email compromise attack



A BEC attack takes place when attackers gain access to, or convincingly impersonate, a business email account and use it to deceive other users. The fake invoice scheme, in which attackers request wire transfers or outstanding payments into accounts they control, is one of the most common. There is also executive (CEO) fraud, where attackers impersonate senior management. Beyond executive fraud, attackers may impersonate a lawyer or a third party to request sensitive information.

  1. Attackers can also use a compromised employee account to ask that account's contacts to change payment details or hand over information. Various forms of data theft are carried out the same way.
  2. BEC is hard to defend against because the messages usually carry no malicious attachment or link, so they lack the hallmarks that filters rely on to detect malware-borne attacks.

Companies should develop specific policies to prevent business email compromise and to protect their email systems so that fraudsters cannot use email to pass themselves off as trusted parties. Security professionals and vendors should be familiar with ways to protect email systems from this kind of social engineering, which in many ways resembles spear-phishing techniques.

99% of email attacks require human interaction, security researchers say:

Mail-based cyberattacks are common these days. I am certainly not the only one who has received emails claiming that the attached file contains data I might be interested in. Social engineering has become one of the main tools attackers use to lure targets into opening links or attachments.


Proofpoint's "The Human Factor 2019" report analyses how email attacks depend on human interaction rather than automated exploitation. Based on data from examining more than a billion messages per day over 18 months, the report concludes that more than 99% of attacks require human interaction to succeed.



Well-disguised social engineering makes it hard to tell a fraudulent email from a genuine one. Most attacks craft the email so that it appears to come from a trusted source such as Google, Microsoft, or a known contact.

  • The report also notes that attackers tend to impersonate the target's own company in order to deceive its employees.


Other key findings in the report include:

The people most often targeted by fraudulent email are usually not prominent executives or high-profile figures. They are "targets of opportunity" whose addresses attackers have been able to discover.

  1. Domain fraud, registering a domain name that resembles a well-known brand to deceive users, lends a sense of legitimacy to a socially engineered email.
  2. Social engineering is widely used in phishing, online fraud and business email compromise (BEC).
  3. Malicious actors craft email attacks so that they are hard to tell apart from ordinary mail. Even so, potentially harmful mail can often be identified by checking the sender's domain name.
  4. You should also avoid clicking unknown links, among other precautions.

How to keep the email process secure:

First, the common email spoofing techniques:

A. Display-name (alias) spoofing:

The attacker sets the display name (alias) of a mailbox, usually a free public webmail account, to the name of the person being impersonated. This is the most common form of spoofing. Because the underlying sender address is a real, working mailbox, the attacker can hold an interactive back-and-forth with the victim.

B. Look-alike domain spoofing:

The attacker registers a domain that resembles the genuine one, such as app1e (with the digit 1 in place of the letter l), and then runs the usual fraud routine from it.

C. Reply-To spoofing:

The attacker forges the From header so the message appears to come from the real sender, and sets the Reply-To header to a mailbox under their control (a Gmail address, say). The forged mail is injected from the internet, and the victim's reply goes to the attacker's mailbox instead of the apparent sender.
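The three patterns above, together with the "check the sender's domain name" advice in the report findings, can be tested mechanically from message headers. The following is an added example, not code from the original article: it parses raw headers with Python's standard email module, folds digit-for-letter substitutions so that app1e.com collides with apple.com, and flags a display name that names a trusted brand or carries someone else's address while the real mailbox is elsewhere, a From domain that is a look-alike of a trusted one, and a Reply-To on a different domain than From. The trusted domain list and the four sample messages are constructed for illustration.

```python
import re
import unicodedata
from email import message_from_string
from email.utils import parseaddr

# Constructed for this example: domains the organisation legitimately deals with.
TRUSTED_DOMAINS = {"example.com", "apple.com"}
# First label of each trusted domain, used to spot a brand name in a display name.
TRUSTED_BRANDS = {d.split(".")[0] for d in TRUSTED_DOMAINS}

# Digit-for-letter swaps typical of squatted domains (app1e, g00gle, micr0soft).
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s", "7": "t", "8": "b"})

# Constructed sample messages: one per spoofing pattern, plus a legitimate one.
SAMPLE_DISPLAY_NAME = (
    'From: "Apple Support" <apple.support.team@gmail.com>\n'
    "Subject: Account verification\n\nPlease confirm your details today.\n"
)
SAMPLE_LOOKALIKE = (
    "From: Accounts Payable <billing@app1e.com>\n"
    "Subject: Updated bank details\n\nSee attached.\n"
)
SAMPLE_REPLY_TO = (
    "From: Alice <alice@example.com>\n"
    "Reply-To: alice.example@gmail.com\n"
    "Subject: Invoice\n\nReply with the payment date.\n"
)
SAMPLE_LEGIT = "From: Alice <alice@example.com>\nSubject: Lunch\n\nNoon?\n"


def normalise_domain(domain: str) -> str:
    """Fold a domain so look-alike spellings collapse onto the genuine one."""
    folded = unicodedata.normalize("NFKC", domain).lower()
    folded = folded.replace("rn", "m").replace("vv", "w")
    return folded.translate(CONFUSABLES)


def domain_of(addr: str) -> str:
    return addr.rpartition("@")[2].lower()


def check_headers(raw: str) -> list:
    """Return the spoofing patterns (A, B, C above) found in one raw message."""
    msg = message_from_string(raw)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_domain = domain_of(from_addr)
    findings = []

    # A. Display-name spoofing: the alias carries someone else's address or a
    #    trusted brand, while the real mailbox sits on an unrelated domain.
    embedded = re.findall(r"[\w.+-]+@[\w.-]+", from_name)
    name_has_brand = any(b in from_name.lower() for b in TRUSTED_BRANDS)
    if any(domain_of(e) != from_domain for e in embedded) or (
        name_has_brand and from_domain not in TRUSTED_DOMAINS
    ):
        findings.append("display-name")

    # B. Look-alike domain: not trusted as spelled, but folds onto a trusted one.
    if from_domain not in TRUSTED_DOMAINS and any(
        normalise_domain(from_domain) == normalise_domain(t) for t in TRUSTED_DOMAINS
    ):
        findings.append("lookalike-domain")

    # C. Reply-To redirection: replies would leave the apparent sender's domain.
    if reply_addr and domain_of(reply_addr) != from_domain:
        findings.append("reply-to")

    return findings


if __name__ == "__main__":
    samples = [("display-name", SAMPLE_DISPLAY_NAME), ("look-alike", SAMPLE_LOOKALIKE),
               ("reply-to", SAMPLE_REPLY_TO), ("legit", SAMPLE_LEGIT)]
    for label, raw in samples:
        print(f"{label:13s} -> {check_headers(raw)}")
```

The folding in normalise_domain is deliberately aggressive (it also maps "rn" to "m" and "vv" to "w"), because it is only ever used to compare a candidate against the trusted list, never to rewrite addresses. A production filter would also check SPF, DKIM and DMARC results, which this header-only example does not.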

Depending on the type of attack, email threats can be summarized in three categories:

1. Ransomware attacks

According to the figures cited here, 41% of companies worldwide have been hit by ransomware, and 70% of victims chose to pay the ransom. Email is the most common delivery channel, in both broad and targeted campaigns, accounting for 59%, followed by websites, social media and infected storage media. Common lure subjects include invoices, shipping notices, overdue accounts and the like.



2. Business email compromise (BEC)

BEC is also called CEO fraud; it is the email equivalent of the "I'm your boss" phone scam.

A. Overseas business practice relies on signed contracts and electronic payment (corporate credit cards, cheques and transfers), so the email fraud routine there is at its purest, and the process need not be repeated here.

B. Chinese business practice relies on chopped (sealed) contracts and paper invoices, from which one might infer that Chinese companies are immune to email fraud;

3. Phishing that impersonates a company

Over long periods attackers send phishing emails in a company's name, in particular impersonating e-commerce firms (Taobao, JD, Amazon, etc.) and public services (the public security authorities, the 12306 railway ticketing site, etc.), and these messages are highly damaging. Such attacks do not hit the company directly, but they indirectly damage its reputation.

Good habits to protect email security:

The first trick: keep the operating system and applications up to date:

Regularly check whether the operating system and applications have updates available, and install the latest patches promptly, so that criminals cannot exploit known software vulnerabilities to carry out ransomware attacks.



The second trick: make regular backups:

Regular full image backups are the simplest and most effective defence against network attacks. Back up key files regularly, ideally both locally and to secure cloud storage controlled by the company, so that a ransomware attack cannot hold the data hostage.

Trick 3: use a strong password and change it regularly:

Choosing a password is a problem we face in daily operations, and choosing one that is easy to remember yet hard to crack is central to security. When you set a password, avoid using personal information such as family names, birthdays, mobile phone numbers and ID numbers. This information is often public, so passwords built from it are very easy to guess. At the same time, avoid weak and simple passwords. Such passwords share common defects: they are very short, follow a simple pattern, and use simple content. Weak passwords lower the security of the email account.
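As an added example (not from the original article), the following Python check turns the advice above into a test that can run at password-change time: it derives the substrings an attacker would try first from the personal data the text mentions (name, birthday, phone number, ID number) and rejects passwords that are short, use too few character classes, repeat characters, contain a common fragment, or contain any of those personal tokens. The sample person and the sample passwords are constructed; none of it is real data.

```python
import re
from datetime import date

MIN_LENGTH = 12
# Fragments that appear in a large share of breached passwords.
COMMON_FRAGMENTS = ("1234", "abcd", "qwerty", "password", "0000", "1111", "admin")


def personal_tokens(name: str, birthday: date, phone: str, id_number: str) -> set:
    """Substrings an attacker would try first, derived from public personal data."""
    tokens = {part for part in name.lower().split() if len(part) >= 3}
    tokens |= {
        birthday.strftime("%Y%m%d"),   # e.g. 19900315
        birthday.strftime("%y%m%d"),   # 900315
        birthday.strftime("%m%d"),     # 0315
        birthday.strftime("%d%m"),     # 1503
        str(birthday.year),            # 1990
    }
    digits = re.sub(r"\D", "", phone)
    if len(digits) >= 4:
        tokens |= {digits, digits[-4:]}
    if id_number:
        tokens |= {id_number.lower(), id_number[-4:].lower(), id_number[-6:].lower()}
    return tokens


def check_password(password: str, tokens: set) -> list:
    """Return the reasons a password fails the policy; an empty list means it passes."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    classes = sum(bool(re.search(p, password)) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^\w\s]"))
    if classes < 3:
        problems.append("fewer than three character classes")
    if re.search(r"(.)\1{2,}", password):
        problems.append("a character repeated three or more times in a row")
    found = [f for f in COMMON_FRAGMENTS if f in lowered]
    if found:
        problems.append(f"contains common fragment '{found[0]}'")
    # Longest personal-data token first, so the report names the most specific hit.
    for token in sorted(tokens, key=len, reverse=True):
        if token in lowered:
            problems.append(f"contains personal data '{token}'")
            break
    return problems


# Constructed sample person (hypothetical name, date, phone and ID number).
SAMPLE_TOKENS = personal_tokens("Zhang Wei", date(1990, 3, 15),
                                "+86 138 0013 8000", "110101199003150012")

if __name__ == "__main__":
    for pw in ("Zhangwei1990", "password123", "Z4!kq-w9Ts#m2Lp"):
        print(f"{pw!r}: {check_password(pw, SAMPLE_TOKENS) or 'ok'}")
```

The personal tokens are derived once per user and compared as substrings of the lower-cased password, so "Zhangwei1990" is rejected for the surname even though it meets the length and character-class rules. Four-digit date fragments can occasionally match a genuinely random password; if that false-positive rate matters, drop the "%m%d" and "%d%m" tokens.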

The fourth trick: regularly check the computer environment and the mailbox:

Regularly check the environment you log in from, avoid using corporate mailboxes on public computers, and guard against mailbox theft by viruses and trojans on the machine. Also review the mailbox settings themselves: incoming-mail filtering rules, automatic forwarding, and the self-service login history, to confirm that recent login IPs look normal.
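Added example, not from the original article: a Python audit over an exported set of mailbox rules and recent logins, the two settings the paragraph says to check. It flags rules that forward to an address outside the organisation, rules that delete, mark read or file away messages mentioning payment keywords (the classic way a BEC actor hides their correspondence from the mailbox owner), rules with near-empty names, and logins from networks where the user does not normally sign in. The export format, its field names, the organisation domain and the IP ranges are all assumptions constructed for this example; map them onto whatever your mail server actually exports.

```python
import json
from ipaddress import ip_address, ip_network

ORG_DOMAIN = "example.com"  # assumed organisation domain
# Constructed: networks from which this user normally signs in (office, VPN).
EXPECTED_LOGIN_NETS = [ip_network("203.0.113.0/24"), ip_network("10.0.0.0/8")]
# Subjects a BEC actor typically hides from the mailbox owner.
SUSPICIOUS_KEYWORDS = {"invoice", "payment", "wire", "bank", "transfer", "password"}

# Constructed sample export. The field names are assumptions for this example,
# not any real mail server's API.
SAMPLE_RULES = json.dumps([
    {"name": "Newsletters", "match": ["newsletter"], "move_to": "Newsletters"},
    {"name": ".", "match": ["invoice", "payment"],
     "forward_to": ["acct.backup@gmail.com"], "delete": True},
    {"name": "Filing", "match": ["wire"], "move_to": "RSS Subscriptions", "mark_read": True},
])
SAMPLE_LOGINS = json.dumps([
    {"ip": "203.0.113.45", "client": "Outlook"},
    {"ip": "198.51.100.7", "client": "IMAP"},
])


def audit_rules(rules_json: str) -> list:
    """Return one finding per suspicious rule, each with the reasons it was flagged."""
    findings = []
    for rule in json.loads(rules_json):
        reasons = []
        external = [a for a in rule.get("forward_to", [])
                    if not a.lower().endswith("@" + ORG_DOMAIN)]
        if external:
            reasons.append(f"forwards to external address {', '.join(external)}")
        # Deleting, marking read, or filing under an unlikely folder all keep the
        # owner from noticing the attacker's correspondence.
        hides = (rule.get("delete") or rule.get("mark_read")
                 or rule.get("move_to", "").lower().startswith("rss"))
        keywords = {m.lower() for m in rule.get("match", [])} & SUSPICIOUS_KEYWORDS
        if hides and keywords:
            reasons.append(f"hides messages mentioning {', '.join(sorted(keywords))}")
        if len(rule.get("name", "").strip()) <= 2:
            reasons.append("near-empty rule name")
        if reasons:
            findings.append({"rule": rule.get("name"), "reasons": reasons})
    return findings


def audit_logins(logins_json: str) -> list:
    """Return the login IPs that fall outside every expected network."""
    unusual = []
    for entry in json.loads(logins_json):
        addr = ip_address(entry["ip"])
        if not any(addr in net for net in EXPECTED_LOGIN_NETS):
            unusual.append(entry["ip"])
    return unusual


if __name__ == "__main__":
    for finding in audit_rules(SAMPLE_RULES):
        print(f"rule {finding['rule']!r}: " + "; ".join(finding["reasons"]))
    print("unusual login IPs:", audit_logins(SAMPLE_LOGINS))
```

Run this against a fresh export whenever a user reports a suspicious payment request, and periodically for finance and executive mailboxes, since a forwarding rule planted after a credential phish often survives the password reset that follows.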

Trick 5: be alert to forged senders:

Criminals are found to use forged sender accounts for fraud from time to time, and the trend is steadily upward. Users need to pay attention to whether the sender is forged: whether there is a "sent on behalf of" tag, whether the account name merely resembles the expected one, and so on. When you encounter such mail, report it to the mailbox administrator promptly. When you receive an email about a payment, contact the other party through a known channel to confirm before paying.



The sixth trick: deploy email certificates for company mailboxes:

In daily email, users often correspond with customers about sales, purchase contracts or transfers. To protect the integrity of those transactions, the company's mailboxes should be issued email (S/MIME) certificates.

In order to protect customer interests and keep customer data secure, Suan Times now provides users free of charge with a globally trusted personal certificate, supported by all browsers and email clients, issued by GDCA. Mail users use the GDCA mail certificate to digitally sign and encrypt their email. Signing guarantees the authenticity of the sender's identity, and encryption ensures the message cannot be read or tampered with in transit, while the recipient verifies the integrity of the email content.