" email scams Archives - LuxSci

Posts Tagged ‘email scams’

How to Avoid Business Email Compromise Attacks

Tuesday, July 5th, 2022

Business email compromise (BEC) attacks are on the rise and are poised to eclipse ransomware as the biggest threat to cybersecurity. Since 2016, $43 billion has been stolen through BEC. Even more concerning, there has been a 65% increase in BEC from 2019 to 2021. This article explores what business email compromise scams are and what steps organizations can take to avoid them.

business email compromise

What are Business Email Compromise Attacks?

In business email compromise scams, attackers infiltrate or impersonate a legitimate corporate email account. They then send phony invoices or initiate contract payments that trick unsuspecting businesses into wiring money to criminals.

These scams rely on humans making the wrong choices. Some examples of business email compromise scams include:

  • A criminal impersonates a vendor and sends a fake invoice to the accounting department.
  • Someone who appears to be the company CEO asks an assistant to make a wire transfer to an unknown account.

Some of the tactics used include:

  • Domain name spoofing: Domain name spoofing involves changing the sender’s “From” address to match the recipient’s domain in the message envelope. Criminals can also use a legitimate domain as the “From” address and a spoofed “Reply-To” domain in the message header.
  • Display name spoofing: The attacker registers a free email account to impersonate a vendor or employee. The attacker would configure the display name to match the employee’s name and then send phishing messages from this account. This technique is effective because recipients often only look at the display name, not the email address. In fact, many email clients will only show the display name when viewing the message, making it easier to hide the sender’s real identity.
  • Lookalike domain spoofing: The attacker may register fake domain names that contain characters that look similar to those in the actual domain name. For example, replacing the lowercase “l” in luxsci.com with an uppercase “I.” The criminal will send phishing emails from this domain to trick the recipient into thinking the message is legitimate.
  • Email Account Compromise: Another common tactic is taking over legitimate email accounts that have been compromised through malware or social engineering to steal data or funds.

How to Prevent Business Email Compromise Attacks

One of the reasons that business email compromise attacks are increasing is because they are often successful. Email filters and content scanning can do little to stop sophisticated social engineering attacks. Nevertheless, there are steps that organizations can take to stop BEC scams.

SPF, DKIM, and DMARC

Implementing technical controls can help prevent BEC scams from succeeding. As discussed above, many attacks use display or domain name spoofing to impersonate company accounts or individuals.

Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting & Conformance (DMARC) are anti-spoofing email authentication techniques that use DNS records to validate the sender of an email. Ensure the organization’s domain has valid SPF, DKIM, and DMARC records. Make sure the email provider analyzes all inbound email traffic using these tools.

Viewing the headers of a suspicious message is also an excellent way to detect fraudulent domains. See Gmail, Outlook, Apple Mail, and More: How to View Headers in Email to learn how to see these in the most popular email clients. This can help reveal the actual sender of someone using a spoofed domain or display name.

In addition, implementing email filtering and scanning tools can help flag suspicious links and protect against phishing attacks.

Employee Training

Helping employees recognize business email compromise scams is essential to avoiding them. All employees, not just those with access to sensitive data or financial information, should understand the tactics used by cybercriminals in BEC scams.

Employees should be aware that attackers can use the information they share online via social media against them. Birthdates, pets’ names, nicknames, and information about time off can be used to impersonate others and trick individuals.

Ensure employees are implementing strong passwords and using multifactor authentication to prevent account compromise and stop them from changing account credentials.

Policy and Procedures

Creating clear policies and procedures can help alleviate confusion and prevent individuals from taking action without thinking. For example, organizations should have clearly defined procedures for how and when vendors will send invoices and be paid. That way, when an unexpected email comes in from a “vendor,” employees will know what to do. It’s also essential to keep up-to-date contact information for vendors and employees. Many BEC schemes ask recipients to call a phone number with account credentials or payment information. If the number differs from the contact information on file, it’s wise to pause and call the contact through established channels to confirm the message’s accuracy before proceeding.

By creating clearly defined and enforced policies and procedures, it will be very obvious when deviations occur. Empowering employees with the tools they need to identify business email compromise scams will help protect your company and keep financial information secure.

How to Know if an Email is a Phishing Scam or Not

Tuesday, November 20th, 2018

Phishing scams are a major threat to all email users, especially businesses. The scary part is that they are becoming increasingly sophisticated. Phishing emails popped up sometime in the early 90s. However, back then, they weren’t too hard to detect. For instance, typos were commonplace in old-school phishing mail, which was a dead giveaway.

Of course, this was long ago, when email was still in its infancy. Times have changed, and today’s cybercriminal has changed with the times. Their tactics have evolved, and phishing emails are far more convincing than they used to be. They are well-written and personalized. Hackers and cybercriminals already have a rough idea of who you are, which means today’s phishing emails are targeted.

Today’s phishing emails also look authentic; they replicate the design and aesthetics of legitimate emails. In fact, at first glance, you wouldn’t know the difference between an actual email from your bank and a fraudulent version. This makes fighting phishing scams a significant challenge.

On the rise

According to data from the RSA, phishing attacks are only growing, despite an increase in user awareness. One primary reason for this growth is the simplicity of executing such scams. Malware developers now offer automated toolkits that scammers can use to create and host phishing pages with the utmost ease.

It is estimated that each phishing attack manages to extract an average of $4500 in stolen funds.

So, the big question is – how does one protect their email, especially when phishing scams are evolving? Well, here is what the experts have to say.

Never trust just a name

 A common tactic scammers use is spoofing the display name in an email. According to a study done by ReturnPath, around 50% of 760,000 email threats targeting some of the world’s biggest businesses used this tactic.

This is how it works – let’s say a scammer spoofs a brand name such as “Nike.” The sender’s email address may look something like “Nike nike@customersupport.com.” But, even if Nike doesn’t own the domain “customersupport.com,” DMARC and other email authenticity and anti-fraud tools will not block the mail. This is because the email is legitimately from customersupport.com, even though this domain has nothing to do with Nike. There is no authentication for the “comment” that goes along with the email address (in this example, that is the word “Nike”).

Read the rest of this post »