Business email compromise (BEC), also known as “email spoofing” or “CEO fraud,” is a type of cyber-attack that involves compromising a legitimate business email account and using it to send fraudulent messages. The attacker may use the compromised account to send fake invoices or requests for payment, to conduct wire transfer scams, or to gather sensitive information such as login credentials or financial data.

BEC attacks can be difficult to detect, as the messages may appear to come from a trusted sender and may use the company’s branding and logo. They can also be hard to prevent, as attackers may use a variety of tactics to gain access to the email account, such as phishing or malware.

How to protect yourself

There are several steps that businesses can take to protect against business email compromise (BEC)Here are a few examples:

  1. Use SPF, DKIM, and DMARC to verify the authenticity of email messages. As mentioned above, these technologies can help to prevent malicious actors from sending spoofed emails that appear to come from a legitimate domain.
  2. Train employees to recognize and report phishing emails. Employees should be aware of the common tactics that are used in phishing scams, such as urgent requests for personal information or money, and be prepared to report any suspicious messages to the appropriate authorities.
  3. Use strong, unique passwords for all accounts and regularly update them. This will help to prevent attackers from gaining access to email accounts and sending spoofed messages from them.
  4. Enable two-factor authentication (2FA) for all accounts whenever possible. This will require users to enter a one-time code in addition to their password when logging into an account, which can help to prevent unauthorized access even if an attacker is able to obtain the password.
  5. Use encryption to protect sensitive information that is sent via email. This will help to prevent attackers from being able to read the contents of messages even if they are able to intercept them.

SPF (Sender Policy Framework)

SPF is a protocol that is used to verify that the sender of an email message is authorized to send messages from a specific domain. This helps to prevent malicious actors from sending messages that appear to come from a legitimate domain, but are actually being sent from a different, unauthorized source.

DKIM (DomainKeys Identified Mail)

DKIM is another protocol that is used to verify the authenticity of an email message. It works by using a digital signature that is associated with a domain to verify that the message was actually sent by someone with access to the domain’s private signing key.

DMARC (Domain-based Message Authentication, Reporting, and Conformance)

DMARC is a technology that builds upon SPF and DKIM to provide an additional layer of protection against email spoofing. It allows domain owners to publish a policy in their DNS records that specifies how email servers should handle messages that fail SPF or DKIM checks. This can help to prevent malicious emails from being delivered to recipients’ inboxes.

By implementing these and other security measures, businesses can help to protect themselves and their employees against business email compromise and other types of cyber-attacks.

Video: How to Spot a Phish –