A Business Email Compromise (BEC) is one of the most effective attack techniques available to criminals. It lets them send fraudulent emails from a legitimate email account. Because email accounts are usually tied to network credentials, compromising a targeted user's mailbox also gives attackers that user's level of access to corporate data. Attackers can also read messages and steal data without being detected. For all these reasons and more, a Managed Service Provider (MSP) should make email security a top priority for its customers.
BEC Attacks Increased Significantly in 2021 and 2022
The Federal Bureau of Investigation (FBI) releases a report every year highlighting the scale of internet crime. The report estimates that internet crime cost $6.9 billion in 2021, and BEC accounts for a large share of that figure, an estimated $1.77 billion. Over a five-year period, the loss attributed to BEC reaches $43 billion, counting both the initial damage and the litigation and other aftermath costs that follow.
Phishing is a major concern, and the number of phishing campaigns continues to rise. Researchers have also noticed an increase in fake invoices sent to targeted users to convince employees to send money to an attacker. In related attacks, the fraudulent invoices are paired with social engineering, such as emails claiming to come from a corporate accountant or executive and urging the targeted employee to pay the bill.
Wire transfers are the payment method attackers request most often, because it is difficult for victims to recover the money. Gift cards remain popular because, unlike a typical credit card, they offer no chargeback. Any irreversible payment method continues to be the preferred choice in BEC fraud.
MSPs Should Offer Phishing and Email Security Training
Every year, malware authors change their code to bypass current defenses, but one thing never changes: phishing emails are an effective way to start a credential theft campaign. Employees continue to be the biggest vulnerability and the biggest threat to data. In a phishing campaign aimed at 100 employees, only one needs to fall for it. Once an employee divulges their credentials, data is at risk; at worst, an attacker gains access to network resources and installs backdoors and malware.
Training employees to notice the warning signs of a phishing campaign is a proven way to stop them from becoming the next victims. Simulated phishing is the most effective form of training, so MSPs should work with applications and vendors whose simulations mirror real-world campaigns. The links in a simulated email can point to a landing page where the MSP gathers statistics on which employees clicked and which went on to enter their credentials. These results show where the biggest human errors are, so follow-up training can be directed at them.
Use Email Filters to Block Phishing Emails
Most BEC attacks start with a phishing email. Training helps and reduces risk, but an even better way to stop phishing is an effective email filter that identifies suspicious messages and blocks them before they reach the recipient. MSP administrators can still review the blocked messages to identify false positives, but the messages never reach the targeted victim's inbox.
Email security that uses artificial intelligence is a much stronger system. Instead of searching for specific words or images, a system that uses artificial intelligence to analyze message patterns and sender data will catch phishing emails designed to bypass simple keyword filters. As more emails are fed to the system, its detection improves, especially against zero-day threats.
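As an added illustration of the sender-pattern checks described above (this is example code, not code from the original post or from any vendor's product), the Python below scores a message for common BEC indicators: a lookalike sender domain, an executive's display name arriving from outside, a Reply-To that redirects replies elsewhere, and payment-pressure wording. The internal domain, the executive name and both sample messages are constructed assumptions.

```python
import email
from email import policy
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"          # assumption: the customer's own domain
EXECUTIVES = {"dana reyes"}               # hypothetical display names to protect
PAYMENT_TERMS = ("wire transfer", "gift card", "invoice", "urgent")

# Constructed sample: impersonates the CEO from a lookalike domain, redirects replies.
SAMPLE_BEC = """From: "Dana Reyes" <dana.reyes@examp1e.com>
Reply-To: dana.reyes.ceo@webmail.example
To: accounts@example.com
Subject: Urgent wire transfer needed today

Please process the attached invoice by wire transfer before 3pm. Reply here.
"""

# Constructed sample: a benign internal message from the same executive.
SAMPLE_OK = """From: "Dana Reyes" <dana.reyes@example.com>
To: accounts@example.com
Subject: Q3 planning

Attached are the slides for Thursday.
"""

def edit_distance(a, b):
    """Levenshtein distance, used to flag lookalike domains such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_indicators(raw):
    """Return the list of BEC indicators found in one RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    reasons = []
    if from_domain != INTERNAL_DOMAIN and 0 < edit_distance(from_domain, INTERNAL_DOMAIN) <= 2:
        reasons.append("lookalike sender domain")
    if name.lower() in EXECUTIVES and from_domain != INTERNAL_DOMAIN:
        reasons.append("executive display name from external domain")
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and reply_to.rpartition("@")[2].lower() != from_domain:
        reasons.append("reply-to domain differs from sender")
    body = msg.get_body(preferencelist=("plain",))
    text = (msg.get("Subject", "") + " " + (body.get_content() if body else "")).lower()
    hits = [t for t in PAYMENT_TERMS if t in text]
    if len(hits) >= 2:
        reasons.append("payment pressure language: " + ", ".join(hits))
    return reasons

def should_quarantine(raw):
    """Quarantine for admin review when two or more indicators coincide."""
    return len(bec_indicators(raw)) >= 2
```

A real filter would also consult SPF, DKIM and DMARC results and the sender's history; this block shows only the header and wording checks so the decision logic stays visible.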
By combining email security and training, an MSP can greatly reduce the risk of an email compromise on a customer's network. Cloud-based email security lets an MSP deploy protection more rapidly and gives it a centralized way to configure and manage all customers from one dashboard.
Email security and filters shouldn't be the only protection, but they are the primary means of stopping attackers from obtaining corporate credentials. Monitoring should also be in place so that any credential theft is caught early, before attackers can carry out further malicious activity.
A few other ways MSPs can help their clients avoid becoming victims:
- Have a list of phone numbers employees use to verify account transfers
- Set up policies for purchasing employee gifts and invoice payments
- Use official portals for employee payroll changes and sensitive requests
- Define a policy for all outgoing payments and wire transfers
- Set up frequent training programs to instruct employees on phishing detection
- Update training and policies every year to cover the latest phishing campaigns
Every organization must be able to show that a chosen security measure is working. Behavior-driven security awareness training must provide metrics that demonstrate improvement in security behavior. SafeTitan provides enterprise-level reports that are easy to understand and that give an at-a-glance view of the awareness training program's success.
If you're ready to maximize your ability to secure your business and employees, and to minimize security incidents and related costs, take a closer look at SafeTitan. Book a free SafeTitan Security Awareness Training demonstration with an expert today.