Take Action To Prevent Your Business From Attack And Keep Safe from Phishing
The most prevalent buzzwords in the world of computer security relate to what’s known as BEC, or Business Email Compromise. Though tech-related words are often tossed around liberally to spur interest, this is one of those occasions where knowing the facts about scams running rampant on the Internet makes a substantial impact on the well-being of your reputation and finances.
Phishing, whaling, spear phishing, CEO fraud, and others in the family of BEC are regularly deployed by scammers for profit – the illegal economy surrounding these kinds of fraud increased 2,502% in 2017 alone, based on ransomware exploits alone! In the following sections we’ll briefly describe these attacks and look at ways you can prevent scams at your business.
BEC – A Family of Scams
The whole family of BEC has been defined by several other publications on the web and in print, sometimes in great depth. With that said, it’s not imperative to go into too much detail here; however, it is important to understand the attacks well enough to recognize potential threats and avoid becoming a victim of one of these scams.
Every BEC attack relies on misplaced trust; it is the core component of each flavor of attack.
BEC – This is basically the family name for the myriad of slightly differing attacks where the end goal might be: learning sensitive data by deceiving someone into divulging information, gaining access to an account, or tricking someone into making a fraudulent payment.
(Spear) Phishing – A blanket term for digitally “fishing for information.” In these increasingly sophisticated attacks, an attacker poses as a trusted entity, often employing brand forgery, to either directly obtain money and information or mislead someone into installing malicious software.
CEO Fraud and Whaling – These attacks parallel regular phishing but are considerably more ambitious, as they target high-profile users in a business. In some cases, a successful attack results in the attacker gaining control of one or more of these individuals’ accounts, such as email or social media, in an effort to damage personal or business reputation.
Recognizing The Signs Of Phishing And Prevention
Being able to define types of attacks is great; however, the important part of learning about these scams is recognizing the tactics utilized by fraudsters. By being vigilant and not relying wholly on software, which many times cannot detect these forgeries (especially zero-day attacks), as is evident from the fact that some 44% of businesses in this study were affected by malware, you can prevent damage to your business.
Domain Spoofing And Other Imitations
It should go without saying – if you receive a poorly written email indicating you’re the beneficiary of some random payout and asking you to send your bank information, it’s a scam. The screenshot above is a minimal-effort scam, meaning that while the content is obviously fake, there are a couple of good examples in the header.
The email domain in the From field is a known malicious domain, so the message is automatically redirected to the spam folder. You’ll notice this field differs from the Reply-To field, which is somewhat common for business emails, such as informational “no reply” messages. However, this message has a substantially different reply address, as it directs to email@example.com.
In more insidious attempts, you’ll often see a verified account in the From field, for example, firstname.lastname@example.org. Attackers often register domain names similar to the company they’re masquerading as, so, for the sake of this example, you might see email@example.com, which isn’t an official (or real) domain. In these attacks, the false domain is linked to an email system which is used actively and legally for a short time before an actual attack is launched. As most protection systems rely on a database of “known attackers,” these messages often bypass detection software.
In the most devious attacks, a scammer learns the account credentials of a trusted contact in a preliminary attack. Because the rapport is automatic, the recipient is inclined to respond and subsequently is tricked into providing information, transferring money, or visiting a page that installs malware. The only effective way to prevent falling victim to this kind of attack is to identify subtle nuances in language.
Tricking DKIM Or SPF
These two authentication systems are designed as multi-step, end-to-end tools for validating a message. You can learn more about DKIM or SPF by following their respective links, but both are too complex to explain in detail here.
In the header depicted in the screenshot above, you’ll see this message has a signed-by field and an authentic subdomain of Capital One’s official domain. When a communication suddenly lacks an entry in this field, or the entry changes from one message to the next, this may indicate a scam. Attackers will use systems like a personal Gmail account when sending out fraudulent messages to bypass DKIM filters, or use a business email system like G Suite to link their own domain to a message, validate the message with DKIM, and obscure their tracks.
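The header checks described in the two sections above (a Reply-To domain that differs from the From domain, a sender domain that imitates a trusted one, and a trusted sender whose message lacks a DKIM pass or is signed by a domain not seen before) can be automated with a short script. This is an added example, not code from the original article; the trusted-domain list, the set of previously seen DKIM signers, and the sample messages are constructed assumptions.

```python
import re
import email
from email import policy
from email.utils import parseaddr

# Domains we trust and the DKIM signing domains seen for them so far (constructed sample data).
TRUSTED_DOMAINS = {"capitalone.com"}
SEEN_DKIM_DOMAINS = {"capitalone.com": {"capitalone.com", "mail.capitalone.com"}}

def domain_of(header_value):  # lowercase domain of an address header, or '' if absent
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def edit_distance(a, b):  # Levenshtein distance, to catch near-miss lookalike domains
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def phishing_signals(raw_message):
    """Return the header-level warning signs (list of str) found in one RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    signals = []
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    # Sign 1: Reply-To steers replies to a domain other than the visible sender's.
    if reply_dom and reply_dom != from_dom:
        signals.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    # Sign 2: the sender domain is a near-miss of, or embeds, a domain we trust.
    for trusted in TRUSTED_DOMAINS:
        is_ours = from_dom == trusted or from_dom.endswith("." + trusted)
        near = edit_distance(from_dom, trusted) <= 2 or trusted.split(".")[0] in from_dom
        if near and not is_ours:
            signals.append(f"from domain {from_dom} imitates {trusted}")
    # Sign 3: a trusted sender with no DKIM pass, or signed by a domain we have not seen
    # before; Authentication-Results is stamped by the receiving server (RFC 8601).
    auth = str(msg.get("Authentication-Results", ""))
    m = re.search(r"dkim=pass\b.*?header\.(?:d=|i=@)([\w.-]+)", auth)
    if from_dom in TRUSTED_DOMAINS:
        if not m:
            signals.append(f"no DKIM pass recorded for trusted sender {from_dom}")
        elif m.group(1).lower() not in SEEN_DKIM_DOMAINS[from_dom]:
            signals.append(f"DKIM signer {m.group(1)} not seen before for {from_dom}")
    return signals

# Constructed samples: a lookalike sender with a foreign Reply-To and no DKIM result, and a genuine sender signed by a known subdomain.
SAMPLE_LOOKALIKE = "From: Card Services <alerts@capitalone-secure.com>\nReply-To: claims@example.com\n\nConfirm your account.\n"
SAMPLE_GOOD = ("Authentication-Results: mx.example.net; dkim=pass header.i=@mail.capitalone.com\n"
               "From: Capital One <noreply@capitalone.com>\n\nYour statement is ready.\n")
```

Run `phishing_signals()` over messages pulled from a mailbox to get a list of the warning signs per message; an empty list means none of the three header checks fired, not that the message is safe.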
Surprisingly, this counts as an obvious forgery. Plus, if you were trying to mimic Discover, they make their logos and several other official images easy to access.
However, this isn’t always the case. Some attackers will create official logos or slightly modify images from official communications, altering the dimensions at nearly imperceptible levels. These are then used in seemingly official communications that often link to a false page for monetary gain.
Recognizing and avoiding these kinds of messages is key to stopping fraud at your organization. Though you may have software in place that claims to thwart these kinds of communications, you may be surprised by what makes it through traditional protection systems. Give us a call at 1 (770) 936-8020 or send us an email at firstname.lastname@example.org so we can help you resolve your hardware issues. Contact our Boulder or Atlanta offices for more information.