LetzRelay blog


August 9, 2023


Email Security: The close link between BEC phishing and Identity Impersonation corporate attacks



Introduction

Today, we are going to delve into a crucial topic in cybersecurity: BEC phishing, also known as Business Email Compromise phishing, and the close link of this attack method with identity impersonation. These two sophisticated attack methods have gained popularity in recent years due to their ability to deceive even the most vigilant users, resulting in significant financial and data losses for the organizations falling victim to them.

What is BEC phishing and how does it work?

BEC phishing is an advanced form of phishing attack that specifically targets businesses and organizations. Unlike traditional phishing attacks, where cybercriminals mass-send phishing emails to a large number of targets, BEC phishing focuses on social engineering and manipulation to target specific individuals within an organization.
Attackers typically carry out such an attack in the following stages:

  1. Research and information gathering: Attackers conduct thorough research on their targets, collecting information from public sources such as social media, company websites, and other online sources to better understand internal dynamics and relationships within the organization.
  2. Targeting: Armed with this information, cybercriminals craft highly convincing and personalized emails. To increase the success of this step, attackers use identity impersonation methods.
  3. Identity impersonation: In a BEC phishing attack, cybercriminals mimic the identity of a trusted individual within an organization, such as a high-ranking executive, a financial manager, or a colleague. They use information gathered from online sources to personalize their emails and make their requests appear credible. Identity impersonation goes beyond just using a name and email address; it often involves manipulated email headers that make recipients believe the email originates from a legitimate source. Attackers also exploit look-alike characters from different alphabets to slip past even careful readers.

    For instance, could you tell the difference between john.peterson@urbank.com and john.peterson@urbаnk.com? Pay attention to the "a" in the urbank domain name.
    In the first email address, the "a" is a standard Latin letter, whereas in the second email address the "a" comes from the Cyrillic alphabet. From a technical point of view, this very subtle difference makes them two entirely different domains.

    It must be admitted that these two addresses are very similar, and that spotting the difference requires time and some technical knowledge.
  4. Social engineering and manipulation: Identity impersonation aims to deceive recipients by making the emails appear to come from a trusted internal source. Attackers leverage existing relationships of trust within the organization to prompt victims to act swiftly and disclose sensitive information or perform compromising actions.
  5. High earning potential: BEC attacks can lead to massive financial losses for businesses, especially if funds are transferred to accounts controlled by the attackers.
  6. Financial and reputational impact: When cybercriminals successfully impersonate an influential individual within the organization, the consequences can be devastating. Unauthorized fund transfers, disclosure of sensitive information, or other illegitimate actions can lead to significant financial losses and harm the company's reputation.
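As an added example (not code from the LetzRelay post), a small Python check a mail gateway could apply to a sender domain: it flags DNS labels that mix scripts, as in the Cyrillic "а" case above, and shows the IDNA (punycode) form that DNS actually resolves, which is where the two look-alike domains visibly diverge. The sample addresses are constructed to match the ones in the text.

```python
"""Added example (not from the LetzRelay post): flag look-alike sender domains.

Each DNS label of a sender domain is checked for characters drawn from more
than one script (e.g. Cyrillic 'а' U+0430 inside an otherwise Latin label).
The IDNA form is shown because that is the name DNS resolves: the Latin and
Cyrillic variants look identical on screen but differ there.
"""
import unicodedata


def char_script(ch: str) -> str:
    """Script name prefix from the Unicode character name ('LATIN', 'CYRILLIC',
    'GREEK', ...); ASCII digits, '-' and '.' are treated as script-neutral."""
    if ch.isascii() and (ch.isdigit() or ch in "-."):
        return "COMMON"
    try:
        return unicodedata.name(ch).split()[0]
    except ValueError:  # code point without a Unicode name
        return "UNKNOWN"


def analyse_domain(domain: str) -> dict:
    """Return the scripts used per label, the IDNA form and a suspicion verdict."""
    labels = domain.lower().split(".")
    scripts_per_label = []
    for label in labels:
        scripts = {char_script(c) for c in label} - {"COMMON"}
        scripts_per_label.append(sorted(scripts))
    mixed = any(len(s) > 1 for s in scripts_per_label)
    try:
        idna_form = domain.encode("idna").decode("ascii")  # punycode for non-ASCII labels
    except UnicodeError:
        idna_form = None  # not a valid IDNA name at all, also worth flagging
    return {
        "domain": domain,
        "scripts": scripts_per_label,
        "idna": idna_form,
        "suspicious": mixed or not domain.isascii() or idna_form is None,
    }


def sender_domain(address: str) -> str:
    """Domain part of an email address (everything after the last '@')."""
    return address.rsplit("@", 1)[1]


if __name__ == "__main__":
    # Constructed sample: the post's genuine address and its Cyrillic-'а' twin.
    for addr in ("john.peterson@urbank.com", "john.peterson@urb\u0430nk.com"):
        print(analyse_domain(sender_domain(addr)))
```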

Rising trend of BEC attacks

BEC-type attacks have witnessed a substantial increase both in terms of volume and financial impact. For instance, according to the annual report by the online security platform "Proofpoint," BEC attacks have grown by an average of 80% each year between 2016 and now. Source: Proofpoint 2023 State of the Phish Report.

Furthermore, the FBI has reported a significant rise in financial losses associated with BEC attacks. According to the FBI's Internet Crime Complaint Center (IC3) report, global financial losses due to BEC attacks have exceeded 26 billion dollars since 2016. Source: FBI IC3 2023 Internet Crime Report.

More details on these trends are available in our blog article "2023 will be on the rise in terms of phishing attacks!".

Conclusion

Business Email Compromise (BEC) phishing and identity theft are closely intertwined, as identity theft serves as the foundational strategy to effectively carry out BEC attacks. The fusion of social engineering, customization, and psychological manipulation within the realm of BEC phishing makes the attacks more persuasive and harder to detect, thereby escalating the risks for targeted businesses and individuals.

These types of attacks pose a significant danger to businesses due to their sophistication, precise targeting, and ability to exploit human vulnerabilities. It is imperative for companies to establish prevention strategies and enhance verification protocols. By combining robust security technology with a proactive cybersecurity culture, organizations can better defend themselves against this rapidly growing threat.


Learn more about how LetzRelay-MX can help your organization secure inbound Internet email and protect itself against these types of attacks.


Internal publication.

© LetzRelay by AlSego.