In a recent conversation with a business owner, they disclosed that they were going through a BEC (Business Email Compromise) attack on their network. There are a lot of email threats out there, but this attack was worse than most.
The attackers gained access to the company's email and monitored activity to see who the company corresponded with and which vendors it used. Once they determined which vendors regularly received large payments, they injected themselves into the conversation, posing as the vendor and asking for a large payment. They told the business that the vendor's bank account information had changed and provided a new account to wire the payment to.
The business owners sent them a substantial amount of money. Two weeks later the vendor contacted them saying they never received the requested payment. That was the first time they realized they had been duped.
Points of Entry
There are several possible points of entry for an email threat. Phishing emails are one of the most common methods. Attackers can also gain access through compromised passwords or compromised endpoints.
When most people think of email threats and various attack methods, phishing is top of mind. This is the old Nigerian prince scam. You’ve inherited a fortune and you just have to send him your social security number and bank account information so he can deposit your windfall.
Anytime someone sends a fraudulent email that tries to look reputable in order to induce individuals to reveal personal information, it’s phishing. They’ll try to get passwords, credit card numbers, or social security numbers.
Another common method of attack is the simplest: a compromised password. Bad actors can buy lists of compromised passwords on the dark web cheaply. Simple passwords can be cracked with a brute force tool.
If a user reuses the same password across multiple accounts, an attacker who obtains it can get access to all of them. Once in, they can sit and observe your email correspondence over time, then inject themselves seamlessly into an already ongoing conversation for whatever nefarious purposes they see fit.
Endpoint compromise via email can happen in a few different forms. A common attack is to send an attachment that looks like a regular document. When the user clicks to open the attachment, it delivers a malicious payload of some kind. This can be a keystroke logger or another attack.
It’s also possible that the email contains a link to a malicious website that, when clicked, can compromise the endpoint.
In the case of our poor prospective client, he believes that he clicked on a malicious attachment in his email. He said he didn’t “feel right” about it, but by the time he clicked away it was already too late.
Primary Ways to Prevent
There are a bunch of ways that your company can protect against email threats. There are both technical and procedural solutions that will help keep you safe. End user security awareness training can go a long way to educate your staff. Multifactor authentication can help keep bad guys out even when there is a compromised password. A quality email security suite can add layers of protection. Finally, proper procedures can help keep you safe.
End User Security Awareness Training
Humans are often the weak link in IT security. i.t.NOW recommends that every business engage their people and train them on how to stay safe online. A good security awareness training program can help your workforce identify and avoid phishing and other email threats.
“Multi-factor authentication is a layered approach to securing data and applications where a system requires a user to present a combination of two or more credentials to verify a user’s identity for login.” – CISA
Most MFA systems try to keep things as simple as possible by sending a code or a push notification to your phone that you click to authenticate. This protects you even if you have a compromised password because the attacker can’t get in without your second form of authentication.
Email Security Suite
Another great tool to guard against email threats is a quality email security suite. The best ones will have a great spam tool to keep some of the junk from hitting your inbox to start with. In addition, they will have DKIM (DomainKeys Identified Mail), which helps prevent email spoofing. Sandboxing is another important feature because it can determine if an attachment is malicious. If it is, that email will never get to your inbox.
Another layer of security that isn’t any type of technology is proper procedures. Is there some kind of manual verification with the vendor if you have a change in banking info? Does your team have a set policy they need to follow regarding bank transfers? Some commonsense policies and procedures can add another layer of protection to the technical safeguards.
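As an added example (not code from i.t.NOW or from any email security product), this Python triage function combines the DKIM check and the manual-verification procedure described above: any message asking for a change to payment details is held for phone confirmation, with extra warnings when no DKIM pass recorded by your own mail server matches the From domain or when Reply-To points elsewhere. The server name, vendor domain and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (hypothetical values): your mail server's authserv-id and vendor list.
TRUSTED_AUTHSERV = "mx.ourcompany.example"
KNOWN_VENDOR_DOMAINS = {"acme-supplies.example"}
PAYMENT = re.compile(r"\b(bank\w*|account|wire|routing|iban)\b", re.I)
CHANGE = re.compile(r"\b(chang\w*|updat\w*|new)\b", re.I)

def domain_of(value):
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def dkim_pass_domains(msg):
    """d= domains with dkim=pass, read only from headers our own server added."""
    found = set()
    for ar in msg.get_all("Authentication-Results", []):
        authserv, _, results = ar.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # a sender can forge this header, so ignore foreign ones
        found.update(d.lower() for d in
                     re.findall(r"dkim=pass\b[^;]*header\.d=([\w.-]+)", results, re.I))
    return found

def review(raw):
    """Return the reasons a payment-change request needs manual verification."""
    msg = message_from_string(raw)
    text = f"{msg['Subject']} {msg.get_payload()}"
    if not (PAYMENT.search(text) and CHANGE.search(text)):
        return []  # not a payment-detail change, nothing to hold
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"]) or from_dom
    reasons = ["payment-detail change: confirm by phone using the number on file"]
    if from_dom not in KNOWN_VENDOR_DOMAINS:
        reasons.append("sender domain is not a known vendor")
    if from_dom not in dkim_pass_domains(msg):
        reasons.append("no DKIM pass aligned with the From domain")
    if reply_dom != from_dom:
        reasons.append("Reply-To domain differs from From")
    return reasons

# Constructed sample messages (not real traffic).
HEAD = ("Authentication-Results: mx.ourcompany.example; dkim=pass header.d=acme-supplies.example\n"
        "From: Billing <billing@acme-supplies.example>\nSubject: Re: Invoice 1042\n\n")
ROUTINE = HEAD + "Invoice 1042 is attached. Thank you for your business.\n"
COMPROMISED = HEAD + "Our banking details have changed. Please wire to the new account.\n"
SPOOFED = ("Authentication-Results: sender-added.example; dkim=pass header.d=acme-supplies.example\n"
           "Authentication-Results: mx.ourcompany.example; dkim=none\n"
           "Reply-To: billing@acme-suppiles.example\n" + COMPROMISED.split("\n", 1)[1])
```

A DKIM pass does not clear the COMPROMISED sample, since mail sent from a taken-over mailbox authenticates normally; only the out-of-band call catches it.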
Making Security Simple
i.t.NOW has been working with businesses for over 20 years to make IT support and security simple. If any of this sounds daunting, give us a call and we’ll show you how easy security can be.