Systemagic’s Senior Technician Scott is our resident expert on all things e-safety – he holds an EPICT e-safety qualification, is NSPCC trained and used to run e-safety training for Colleges. On Safer Internet Day 2018 he gives his top tips for defending against business email compromise threats:
BEC threats are on the rise. At Systemagic we have seen an increase over the last 18 months in targeted emails to our clients. A recent survey found that in the first quarter of 2017 nearly 85% of organisations had received at least one BEC message, and the FBI estimate that victims have paid out over $5.3 billion since 2013 and that it's a continually growing threat.
Unlike most cyber-attacks, BEC threats don't use system vulnerabilities but are sophisticated scams, targeted at individuals within an organisation. Criminals will use a variety of techniques, often penetrating a company's network through malware and then monitoring vendors, billing and email communications. They also adopt social engineering techniques such as studying social media, company websites and other legitimate sources to gain information on a company, its suppliers and employees. They then use spoofed email accounts and websites to fool victims into believing requests are authentic. Often the addresses may be slightly different, such as adding an extra letter in the domain name, so at a quick glance they seem legitimate, often bypassing any filters you may have in place.
Commonly, criminals target a company's finance team, impersonating a contractor, supplier, lawyer, creditor or, more commonly, a member of senior management, and often request a transfer of funds to a given account. Other types of attacks can include emailing customers to request a repayment, or data theft where corporate, financial or personal information is obtained.
To: name@yourdomainname
From: name@yourdomainname (almost; may slightly differ, such as containing an extra letter)

Hi I’m busy today in and out of meetings can you arrange urgent payment for £xxx to a supplier. Email mail me back and I will send over the details.

Name of Managing Director

In this scenario, the email looked like it came from the Managing Director and was sent to the accounts department. The sender hopes that the recipient will respond, which confirms that they have reached their target, and would then likely reply with false bank details for a known supplier.
Despite BEC threats being reasonably low tech, you should still ensure that all the normal precautions used to protect against other cyber threats are in place. These include:
But, as with most cyber threats, the human element is often the weakest link, so you need to consider alternative solutions.
If you require any assistance with protecting your business against cyber-attacks then please get in touch!