What is Business Email Compromise?

Continuing on with our Tuesday Tech Tip email security series, we’re going to talk about business email compromise. What is it? How does it happen? And most of all, how do you protect your company from it? Stay tuned.

Business email compromise is really more of an outcome or means by which the bad actors are exploiting email. There are multiple tactics, multiple ways that they get a business email compromise to happen. It can simply be from somehow scanning your password, what we call account takeover, and then being able to compromise you. It could be a spear phishing attack where they target specific people, the CEO and the CFO. It could be through other means by which there’s a man-in-the-middle attack. But ultimately, business email compromise is a class that is set for the highest of risk and therefore the highest payoffs for the bad actors. Whenever a business email compromise happens, it’s going to cost you a lot of money or your cyber liability insurance a lot of money, and the bad actors are going to make some money.

So let’s talk a little bit about what password takeover is. That’s ultimately where somebody gets your credentials, and sometimes they can get this just by sending an email saying, “Hey, your account is almost full. All you have to do is click here and you’ll get unlimited space.” And all you have to do is put in your email address and your password, and then boom, you got unlimited space. Well, with Microsoft 365, you just gave them the keys to the kingdom, and they can now rape and pilfer your entire Microsoft 365 environment. A lot of people look at that as just their email. But there is a whole ecosystem behind the scenes that’s happening in Microsoft 365. So there’s a lot of room for exploits.

I’ll tell you one quick story with a financial planner that we work with to help secure their email. One of the financial planner guys had his account taken over and the bad actors went out and made forms on the Microsoft 365 platforms. It was really like all of the demographics being asked for, the Social Security numbers, the spouses, the phone numbers, the email addresses, the date of birth, you name it. It was in this long questionnaire. The bad actors simply sent the questionnaire email to all of the contacts within the business that they had from the financial planner’s email account. The financial planners had a shared contact database. These bad actors sent out to all of the people saying, “Hey, we’re doing some spring house cleaning. We want to update all of your records. Here’s a link. Please go out and fill out all of this information for us.”

Well, what happened was that goes out to all of their clients and the clients click. They see this form that has their domain name. The financial planner’s domain name on a Microsoft form looks very legit because A: it is legit. But the bad guys took over the account. Many clients filled out a ton of information and hit submit. The bad actors raked all that information. Now, boom, they got a ton more targets to go after and a lot of data to sell for a lot of money.

So for business email compromise, you really want to have multi-factor authentication turned on for your email, and really on anything nowadays: anything that is one-to-many, where there’s one username, one password and you’re logging in, and you have access to many records. Enabling multi-factor authentication is your biggest protection. You also really need to be monitoring and watching those 365 accounts because again, that ecosystem is much broader than most people think. If you have questions, I’m here to help. Thank you for watching.
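
The monitoring advice above, as an added example that is not from the original video or post: a small Python check for the sequence in the financial planner story (a sign-in from an unfamiliar address, a new form, then a mass mailing). The records, field names, baseline and thresholds are constructed for illustration and are not the Microsoft 365 audit log schema.

```python
from datetime import datetime, timedelta

# Constructed sample records. Field names are simplified placeholders,
# not the real Microsoft 365 audit log schema.
SAMPLE_EVENTS = [
    {"time": "2024-03-04T09:02:00", "user": "planner@example.com", "action": "sign_in", "ip": "198.51.100.7"},
    {"time": "2024-03-04T09:05:00", "user": "planner@example.com", "action": "send_mail", "recipients": 2},
    {"time": "2024-03-05T02:14:00", "user": "planner@example.com", "action": "sign_in", "ip": "203.0.113.50"},
    {"time": "2024-03-05T02:20:00", "user": "planner@example.com", "action": "create_form"},
    {"time": "2024-03-05T02:31:00", "user": "planner@example.com", "action": "send_mail", "recipients": 412},
    {"time": "2024-03-05T10:00:00", "user": "admin@example.com", "action": "sign_in", "ip": "198.51.100.7"},
    {"time": "2024-03-05T10:05:00", "user": "admin@example.com", "action": "create_form"},
    {"time": "2024-03-05T10:09:00", "user": "admin@example.com", "action": "send_mail", "recipients": 300},
]

# Constructed baseline: addresses each account normally signs in from.
KNOWN_IPS = {
    "planner@example.com": {"198.51.100.7"},
    "admin@example.com": {"198.51.100.7"},
}


def find_takeover_pattern(events, known_ips, window_hours=24, min_recipients=50):
    """Flag accounts that sign in from an unfamiliar IP, then create a form
    and mail it to many recipients inside the time window."""
    findings = []
    suspect = {}  # user -> details of the latest unfamiliar sign-in
    for ev in sorted(events, key=lambda e: e["time"]):
        user, when = ev["user"], datetime.fromisoformat(ev["time"])
        if ev["action"] == "sign_in":
            if ev["ip"] not in known_ips.get(user, set()):
                suspect[user] = {"start": when, "ip": ev["ip"], "form": False}
            continue
        session = suspect.get(user)
        if session is None or when - session["start"] > timedelta(hours=window_hours):
            continue  # no unfamiliar sign-in, or it is too old to correlate
        if ev["action"] == "create_form":
            session["form"] = True
        elif (ev["action"] == "send_mail" and session["form"]
              and ev.get("recipients", 0) >= min_recipients):
            findings.append({"user": user, "ip": session["ip"],
                             "recipients": ev["recipients"], "time": ev["time"]})
    return findings


if __name__ == "__main__":
    for hit in find_takeover_pattern(SAMPLE_EVENTS, KNOWN_IPS):
        print("review account:", hit)
```

The admin account in the sample does the same form-and-mailing sequence from its usual address and is not flagged; only the combination with the unfamiliar sign-in raises the finding.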
