Page 123 - Cyber Defense eMagazine September 2023
What else a BEC attack may look like
In fact, email services aren’t the only tool intruders use to perform attacks. Not so long ago,
cybercriminals began using video conferencing software, for instance Zoom, to make employees
send money or share confidential information. In such cases, intruders usually use deepfake
technologies to commit fraud.
For instance, an intruder hacks an executive’s email and sends employees an invitation to join a
videoconference. During the call, the intruder fakes the video and types a message in the chat saying
that there are some problems with the connection or that he/she has problems with the microphone.
Then the intruder adds that he/she wants employees to make a money transfer and explains where the
money should be sent.
Most often, such incidents are detected in the USA; however, it’s quite probable that as the
technologies used for deepfake creation develop and their price decreases, intruders in other
countries may also start to actively use such technologies for their malicious aims.
It’s possible to prevent a BEC attack. To cope with the task successfully, it’s necessary to be
familiar with the information security rules and stick to the recommendations of information
security experts.
Building protection against corporate email compromise
Intruders use social engineering techniques to perform BEC attacks, and it’s important to ensure
comprehensive protection against them. On the one hand, it’s crucial to enhance employees’
information security and general computer literacy; on the other hand, it’s necessary to implement
specific protective solutions and develop specific regulations for staff members, which will help to
enhance corporate protection.
Enhancing employees’ competencies in information security is a crucial aspect of enhancing corporate
safety. If an employee isn’t aware of the existing risks, he/she won’t recognize a phishing letter at
the first attempt, which will result in large financial losses for the organization. However, there is
much that the employees in charge at an organization can do themselves to educate staff on
information security. For instance:
• Explain what phishing and BEC attacks are
• Explain how to distinguish a fake email from a real one
• Occasionally simulate attacks, for instance phishing attacks (to check whether employees
understood the theory and are aware of security recommendations).
If your organization lacks the experts and resources to develop a training program, there is the
option of contracting third-party experts. For instance, our company’s experts have been conducting
cyber literacy training for employees of various companies and state institutions for three years now.
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.