What is Business Email Compromise?

    Continuing with our Tuesday Tech Tip email security series, we will discuss business email compromise. What is a business email compromise? How does business email compromise happen? And most of all, how do you protect your company from business email compromise? 

    So, what is a business email compromise? A business email compromise is more of an outcome or means by which the bad actors exploit email. There are multiple tactics and ways that these bad actors get a business email compromise to happen.  It can simply be from somehow scamming your password and what we call account takeover and then being able to compromise you. Also, it could be from a spearfishing attack. A spearfishing attack is where the bad actors target specific people, for instance, the CEO and CFO. As well through other means in which there is a Man in the Middle Attack.

    Ultimately, business email compromise is a class set for the highest risk. Therefore the highest payoffs for the bad actors. A business email compromised will cost you or your cyber liability insurance a lot of money while the bad actors make some money. 

    So let’s talk a little bit about what is a password takeover? That’s when someone gets unauthorized access to your online account. Sometimes they can get this just by sending an email saying, “Hey, your account is almost full. All you have to do is click here to get unlimited space. To get unlimited space, all you have to do is enter in your email address and password.”

    Well, with Microsoft 365, you just gave the bad actors the keys to the Kingdom. They can now rape and pilfer your entire Microsoft 365 environment. Most people look at that as just their email, but there is a whole ecosystem behind the scenes in Microsoft 365 that there’s a lot of room for exploits.

    I’ll tell you one quick story about a financial planner we work with to help secure their email. One of the financial planner guys had his account taken over. The bad actors went out and made forms on the Microsoft 365 platforms. It was a questionnaire with all demographics asked. They asked for their social security numbers, spouses’ names, phone numbers, email addresses, and date of birth.

    The bad actors sent the questionnaire email to all of the contacts within the business that they had from the financial planner’s email account.  The financial planners had a shared contact database. These bad actors sent out to all of the people saying, “Hey, we’re doing some spring house cleaning. We want to update all of your records. Here’s a link. Please go out and fill out all of this information for us.”

    Well, the questionnaire went out to all of their clients, and the clients click. They see this form that has their domain name. The financial planner’s domain name on a Microsoft form looks legit. That’s because it is legit, but the bad guys took over the account. Many of these Financial Planners’ clients filled out a bunch of personal information and hit submit. The bad actors raked all that information. Now, boom, they got a ton more targets to go after and a lot of data to sell for a lot of money.

    So with business email compromise, you need multi-factor authentication turned on for your email. Multi-factor authentication should be turned on anything that has one-to-many. Anytime there’s one username, one password, with access to many records by logging in. Furthermore, enabling multi-factor authentication is the best way to protect your company. In addition, you need to be monitoring and watch those 365 accounts. Again, that ecosystem is much broader than most people think.

    If you have questions, I’m here to help. Thank you for watching.