Business Email Compromise
Among the growing threats within today’s cyber-sphere, the trend of Business Email Compromise, or BEC, is certainly nearing the top of the list.
Broadly defined, BEC is a type of sophisticated scam targeting companies who conduct wire transfers, especially those with suppliers abroad.
The Email Compromise Scourge
BEC operations begin with a hacker gaining control of an email account from which monetary transfers are requested and authorized. This stage is typically accomplished by means of key loggers or phishing attacks.
Once cyber criminals gain control of an account, there’s a range of ploys they can use to extract funds from unknowing recipients. Fraudsters can send fake invoices to clients requesting payment to an account under their control. Another common tactic is to impersonate a high ranking executive and send a message to employees, ordering them to ‘move around’ company funds. The list goes on.
The damage caused by the trend of BEC campaigns has caught the attention of federal investigators. Last year, the FBI’s internet crime complaint center (IC3) revealed that BEC operations had cost global companies over $12 billion over a five year period.
The Rush to Defense
It is not surprising that the IT industry has been working on the problem of how to fight BEC for quite some time.
However, even the answers provided by field leaders have all fallen short.
The current consensus on how to combat BEC is the application of algorithmic tools to diagnose activity indicating account compromise. Researchers at Gartner have also advocated this approach. In their latest report on BEC, the firm calls for “customizable machine learning options” that can “integrate with current email security systems.” Gartner claims that such tools are readily available, and companies can look to “current email security providers to provide these controls.”
Reliability Problems
While the approach advocated by Gartner and others is pointing in the right direction, the problem is the reliability of platforms needed to actually accomplish these tasks.
The unfortunate fact is that even the top AI / machine learning solutions available today do not yield results accurate enough to support business operations. It’s not just the occasional miss these systems inevitably allow for–failing to flag a fraudulent email for instance–but also the built up of false positives that can often paralyze administrators and IT departments.
Combating Business Email Compromise the Smart, Intelligent Way
GTB’s Security Manager provides intelligent detection engines proven to provide near perfect assurance. With GTB Technologies cybersecurity solutions, companies can maintain control of the communications emanating from their networks, in a streamlined and fully scalable platform.
Why GTB?
adroll_adv_id = “UIOFH72HVBDSPBBLAJUZE6”;
adroll_pix_id = “HNO2CUNA4BAINCHLEPH2JH”;
/* OPTIONAL: provide email to improve user identification */
/* adroll_email = “username@example.com”; */
(function () {
var _onload = function(){
if (document.readyState && !/loaded|complete/.test(document.readyState)){setTimeout(_onload, 10);return}
if (!window.__adroll_loaded){__adroll_loaded=true;setTimeout(_onload, 50);return}
var scr = document.createElement(“script”);
var host = ((“https:” == document.location.protocol) ? “https://s.adroll.com” : “http://a.adroll.com”);
scr.setAttribute(‘async’, ‘true’);
scr.type = “text/javascript”;
scr.src = host + “/j/roundtrip.js”;
((document.getElementsByTagName(‘head’) || [null])[0] ||
document.getElementsByTagName(‘script’)[0].parentNode).appendChild(scr);
};
if (window.addEventListener) {window.addEventListener(‘load’, _onload, false);}
else {window.attachEvent(‘onload’, _onload)}
}());