Protect your organization from a Business Email Compromise attack

September 6, 2018

Imagine the scenario.

Your most valued client receives an email from you requesting an invoice payment. Being the great client that they are, they process it promptly!

The trouble is, that email wasn’t really from you. It was sent from a cyber attacker who’d gained access to your corporate network and spoofed your identity – tricking your client into making payments into criminal accounts.

How would you manage that? Could the damage to confidence and trust ever be repaired?

This scenario isn’t as far-fetched as you might think. New research shows that this – and other types of “Business Email Compromise” (BEC) attacks – are on the rise. The research, based on analysis of more than 142m emails, suggests there’s been an 80% increase in their occurrence.

In a BEC attack, a cyber attacker gains access to an employee’s corporate email account and spoofs their identity to trick other employees, clients, or partners into divulging confidential company information or approving a payment. This isn’t a new threat. In 2015, Ubiquiti Networks lost $46.7m through such a scam, with payments being made over a 17-day period.

Another variant involves gaining access to an employee’s account to intercept or alter business transactions. In both cases, access is often gained through either malware or social-engineering (phishing) tactics. Unfortunately, once within the network, these types of attacks can be difficult to spot. It’s not uncommon for the victim to be completely unaware that their emails are being intercepted, or that emails are being sent on their behalf.

It proves again that the combination of email and human error remains one of the greatest sources of risk for data breaches, reputational damage, and financial loss.

Creating a “culture of security”

We’ve written before about creating a better “culture of security” in the workplace. It’s something we feel passionately about. By helping employees to better appreciate the risks, and providing practical examples, you dramatically reduce your dependence on lengthy, rigid security policies that are quickly forgotten!

For some suggestions on how to start building this culture of security, check out this short guide.

Is email fit for your most important communications?

Of course, there’s also no substitute for deploying a more secure messaging solution into your business.

Email was never designed with security in mind and, as this news suggests, targeted malware and phishing threats are still reaching employee inboxes despite advances in security and spam filtering.

For organizations that demand complete security, with full end-to-end encryption to mitigate the threat of many of the most common man-in-the-middle style attacks, Wire is the perfect enterprise messaging and chat solution.

It’s more secure than email and other messaging apps, and uses end-to-end encryption with forward and backward secrecy (so that each new message and interaction uses a new encryption key). This ensures messages are completely secure and protected from man-in-the-middle attacks. Not even Wire has access to the conversations!

A solution like Wire is also a fantastic way to build client trust. Clients today are increasingly looking to work with partners that can offer them best-in-class security across all of their communications – from messaging and secure file sharing through to encrypted calls.

Telling a client that your networks are protected and communications secure is one thing. But being able to demonstrate that your messaging is also end-to-end encrypted and secure is the sort of differentiation that can really help you to stand out against the competition! It’s why Wire has become such a popular choice for businesses that prioritize not only their own security, but also that of their clients.

Morten Brogger, CEO, Wire

