Page 123 - Cyber Defense eMagazine September 2023

What else a BEC attack may look like

            In fact, email services aren’t the only tool that intruders use to perform attacks. Not so long ago,
            cybercriminals began using video conference software, for instance ZOOM, to make employees
            send money or share confidential information. In such cases, intruders usually use deepfake
            technologies to commit fraud.

            For instance, an intruder hacks an executive’s email and sends employees an invitation to join a
            videoconference. During the call, the intruder fakes the video and types a message in the chat saying
            that there are some problems with the connection or that he/she has problems with the microphone.
            Then the intruder adds that he/she wants employees to make a money transfer and explains where the
            money should be sent.

            Most often, such incidents are detected in the USA; however, it’s quite probable that as the
            technologies used for deepfake creation develop further and their price decreases, intruders
            in other countries may also start to actively use such technologies for their malicious aims.

            It’s possible to prevent a BEC attack. To cope with the task successfully, it’s necessary to
            know the information security rules and to stick to the recommendations of information
            security experts.




            Building protection against corporate email compromise
            Intruders use social engineering techniques to perform BEC attacks, and it’s important to ensure
            comprehensive protection against them. On the one hand, it’s crucial to enhance employees’ information
            security and general computer literacy; on the other hand, it’s necessary to implement specific protective
            solutions and develop specific regulations for staff members, which will help to enhance corporate
            protection.

            Enhancing employees’ competencies in information security related issues is a crucial aspect of
            enhancing corporate safety. If an employee isn’t aware of the existing risks, he/she won’t
            recognize a phishing letter at the first attempt, which will result in large financial losses for an
            organization. However, there is much that an organization’s employees in charge can do themselves to
            educate employees in information security related issues. For instance:

               •  Explain what phishing and BEC attacks are
               •  Explain how to distinguish a fake email from a real one
               •  Occasionally imitate attacks, for instance phishing attacks (to check whether employees
                   understood the theory and are aware of security recommendations).

            If your organization lacks experts and resources for developing a training program, there is the option of
            contracting third-party experts. For instance, our company’s experts have been conducting cyber literacy
            training for employees of various companies and state institutions for three years now.








            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.