Proactive Defense Against BEC Attacks: How to Stay Ahead of the Scammers


Business Email Compromise (BEC) has become a significant threat to organizations of all sizes, with the potential to cause immense financial damage. We detail the key measures and strategies required for full-fledged, proactive BEC protection in our recent whitepaper, “Stop the Steal: How to Protect Your Business from Business Email Compromise (BEC).”

These attacks involve impersonating legitimate business emails to deceive employees, customers, and partners. The advent of AI has only exacerbated the problem, making BEC attacks more widespread and sophisticated. Previously, attackers manually crafted emails to mimic legitimate communications; now, AI tools can generate realistic emails at lightning speed.

This scalability allows attackers to target a vast number of victims efficiently, increasing the quantity and quality of phishing campaigns, and requiring businesses to re-focus their BEC protection strategies to match the evolving threat landscape.

Examples of BEC Attacks

BEC attacks come in various forms, each with devastating consequences. Here are a few notable examples from our recent whitepaper on BEC attacks.

  • Ubiquiti lost $46.7 million due to a BEC scam involving vendor impersonation.
  • Facebook and Google fell prey to a phishing attack with emails that appeared authentic, costing them over $121 million.
  • The Scoular Co., a food science company, was tricked during an acquisition process, resulting in a $17.2 million loss.
  • Treasure Island, a homeless charity, lost $625,000 to a BEC scam involving executive impersonation.
  • The government of Puerto Rico lost $2.6 million in a BEC scam that initiated a fraudulent transfer.
  • Children’s Healthcare of Atlanta lost $3.6 million in a BEC attack that impersonated the CFO.

The variety of scam types (not to mention the variety of businesses targeted) means BEC protection strategies need to be flexible and customizable, but also adaptive to evolving threat techniques.

How Companies Have Traditionally Approached BEC Protection

Traditionally, companies have relied on reactive BEC protection measures, which have plenty of limitations. These methods include:

Reactive Blocking (Email Level): Analyzing emails at the user level or via a central dashboard to identify and quarantine threats. This BEC protection method has limitations, as it does not necessarily identify malicious domains before they are used, and some attacks can bypass these techniques.

Techniques to Block the Link Path: Identifying potential BEC scam domains and proactively blocking them. While effective, this BEC protection method might inadvertently block legitimate domains, causing disruptions and frustration.

Policy Enforcement (DMARC): Setting up DMARC correctly helps identify domains spoofing your organization. However, it might not catch attacks targeting partners, vendors, or customers.
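To make "setting up DMARC correctly" concrete, the following added example (not code from the whitepaper or any vendor tool) audits DMARC TXT records for settings that leave spoofed mail unenforced or unreported. The domains and records are constructed; in practice the record text comes from a TXT lookup of `_dmarc.<domain>`.

```python
# Added example: audit DMARC records (RFC 7489 tags) for weak settings.
# All domains and records below are constructed for illustration.

def parse_dmarc(txt):
    """Split 'tag=value; ...' into a dict; None if it is not a DMARC record."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags.setdefault(key.strip().lower(), value.strip())
    # RFC 7489: the v tag comes first and its value is exactly "DMARC1".
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        return None
    return tags

def audit(txt):
    """Return a list of findings; an empty list means the policy is enforced."""
    tags = parse_dmarc(txt)
    if tags is None:
        return ["no valid DMARC record"]
    findings = []
    policy = tags.get("p", "").lower()
    enforcing = policy in ("quarantine", "reject")
    if not enforcing:
        findings.append(f"p={policy or 'missing'}: failing mail is still delivered")
    # sp defaults to the value of p when it is absent.
    if enforcing and tags.get("sp", policy).lower() == "none":
        findings.append("sp=none: subdomains are not enforced")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        findings.append(f"pct={pct}: policy is not applied to all failing mail")
    if "rua" not in tags:
        findings.append("no rua: no aggregate reports showing who spoofs the domain")
    return findings

RECORDS = {  # constructed sample records
    "weak.example": "v=DMARC1; p=none",
    "partial.example": "v=DMARC1; p=quarantine; pct=25; sp=none; "
                       "rua=mailto:dmarc@partial.example",
    "enforced.example": "v=DMARC1; p=reject; rua=mailto:dmarc@enforced.example",
    "spf-only.example": "v=spf1 -all",
}

if __name__ == "__main__":
    for domain, record in RECORDS.items():
        print(domain, audit(record) or "OK")
```

An empty result only covers your own domain: as noted above, DMARC does not see lookalike domains registered to target partners, vendors, or customers.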

How Companies Can Proactively Detect BEC Attacks

A proactive approach to detecting BEC attacks involves identifying threats earlier in the attack chain, specifically when fake websites are created. Early detection is crucial as it allows organizations to disrupt potential threats before they reach user inboxes. Effective proactive BEC protection strategies include:

Domain and IP Analysis: Collecting telemetry data on domains and IP addresses associated with suspicious activity.

Content-Based Threat Analysis: Leveraging AI and natural language processing (NLP) to analyze email content for red flags such as urgency in tone, mismatched domain names, unusual requests, and grammatical errors.

Infrastructure Monitoring Tools: Tools like CheckPhish Domain Monitoring and Cisco Talos Reputation help identify suspicious domains and IP addresses associated with potential BEC attacks.

Website Registration Tools: Monitoring newly registered domains that resemble your organization (typosquatting) to prevent attackers from creating phishing websites impersonating your company.

Automated Takedown: Leveraging AI and machine learning to automatically take down phishing websites associated with the BEC attempt, disrupting the attacker’s infrastructure and hindering their ability to launch the attack on a wider scale.

The Importance of Multi-Layered Defense Strategies

Implementing a multi-layered defense strategy is crucial in effectively protecting against BEC attacks. One of the key advantages of a multi-layered defense is its ability to provide comprehensive protection.

By combining domain and IP analysis, content-based threat analysis, and infrastructure monitoring tools, organizations can detect and mitigate threats before they reach their targets.

Moreover, proactive measures like automated takedown of phishing websites and monitoring newly registered domains for typosquatting can significantly reduce the risk of successful BEC attacks. By disrupting the attacker’s infrastructure early on, these methods prevent the escalation of threats and minimize potential damage.

The benefits of early detection cannot be overstated. Identifying threats in their nascent stages allows organizations to take preemptive action, thereby reducing the likelihood of financial loss and operational disruption.

Early warning systems, such as those provided by Bolster, utilize AI to monitor malicious activity across various platforms, offering a broader view of potential BEC attack vectors. This enables security teams to respond swiftly and effectively, ensuring that threats are neutralized before they can cause harm.

In conclusion, by incorporating advanced tools and early detection techniques, businesses can significantly reduce their vulnerability to BEC attacks.

To further enhance your understanding of BEC and explore comprehensive strategies for safeguarding your business, we encourage you to download our detailed whitepaper as a valuable resource that provides further insights, expanded examples, and much more about the solutions to help you stay ahead of evolving BEC threats.