
A Guide for MSPs to Prevent Business Email Compromise (BEC)

Managed service providers (MSPs) are a high-value target for cybercriminals, because one compromised MSP mailbox can be used against every customer the MSP manages. Whether your organization provides networking, infrastructure, security, or application services, it is critical that you secure your business and data centers against business email compromise attempts.

This post explains what BEC is, how it works, and what you can do to protect your company from this type of fraud.

Business Email Compromise: An Overview

BEC is a cyber attack that targets business email. The attacker's aim is to defraud the managed service provider by compromising or impersonating its business email accounts, stealing valuable information, or redirecting payments.

According to the FBI's Internet Crime Complaint Center (IC3), identified global exposed losses from BEC increased by 100% between May 2018 and July 2019. The same report identifies 166,349 BEC incidents reported between June 2016 and July 2019, with combined domestic and international losses of over $26 billion.

As businesses move to cloud-hosted email and data processing, cybercriminals have developed sophisticated ways to take over the business email accounts themselves. This account takeover is known as Email Account Compromise (EAC), and a compromised account is the most convincing platform for a BEC scam, because the messages it sends genuinely originate from your mailbox and pass every sender check.

Traditional tools cannot always identify and block BEC attempts, because a typical BEC message carries no malware or malicious link for a scanner to catch. Understanding how the attack works helps you deploy a solution that fits MSP operations.

Did You Know?

  • 99.99%: SpamTitan's spam catch rate
  • Every 11 seconds: a ransomware attack occurs
  • $285: the average cost to manage spam per person without an email filter
  • 56.50%: the share of all email that is spam

Common BEC Scams You Must Understand

There are five common business email compromise scams that MSPs are vulnerable to. They fall under the three headings below, with the impersonation heading covering three of them:

Email Accounts Compromise

In this type of BEC fraud, cybercriminals take over one of your business email accounts and use it to email your customers and business partners requesting payment. Because the messages come from a genuine account, they pass sender authentication, and the payments go to attacker-controlled bank accounts instead of your company's account.

Impersonations

An impersonator poses as the CEO or another senior executive of the MSP and emails a specific individual with a request.

For example, a cybercriminal who has compromised, or is simply spoofing, the CEO's email address sends a message to an employee in the finance department asking for a quick money transfer to a client's account for an important business deal. The unsuspecting employee obliges and executes the transfer.

Another example is the bogus invoice. The attackers pose as the managed service provider and send fake invoices to its suppliers or international partners requesting that funds be transferred, but the bank details on the invoice belong to the attacker, so the money goes to a fraudulent account.

An attacker can also pose as an attorney working for the managed service provider and email a junior employee requesting contract details and other financial information. The unsuspecting employee fulfills the request and hands over information that is then used for further crimes. Because such messages are tailored to a named recipient, this is also a form of spear phishing.

In 2023, reported losses from business email compromise (BEC) scams in the United States exceeded 2.94 billion U.S. dollars.

Malware Attacks

Malware is software that gives the attacker access to a workstation or to the entire network. Attackers use it to steal valuable data, including financial account details, login IDs, and passwords, and then use that information to initiate other forms of business email compromise fraud, such as taking over the mailbox itself.

How Does BEC Work?

BEC is a form of attack that uses social engineering and impersonation to trick employees of a managed service provider into handing over information or money. It is hard to detect with content scanning alone, and you will most often find out only after the scam has succeeded.

Hacking the MSP's email accounts and registering lookalike email addresses and domain names are the common methods criminals use to trick targets into complying with malicious requests.

For example, suppose your company's name is ABC and the domain you use is xyz.com, so your email address is abc@xyz.com. The cybercriminal can register a domain that differs by a single transposed or duplicated character and send from an address that looks like abc@xzy.com or abc@xyzz.com.
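To make the lookalike check concrete, here is an added example (not part of the original post, and not TitanHQ code) that scores a sender's domain against the list of domains the MSP owns. It goes a little beyond the two spellings above: besides one-character transpositions and duplications it folds common look-alike characters such as "rn" for "m" and "1" for "l" before comparing, and it treats the protected name under a different TLD or inside a hyphenated variant as suspicious. The homoglyph table and the example.com domain used in the test are constructed for illustration.

```python
"""Lookalike-domain check for the xyz.com example above (added example)."""
from __future__ import annotations

# Visually confusable sequences, folded to one canonical form before comparing.
# Constructed table for illustration; extend it for the characters you care about.
HOMOGLYPHS = {"rn": "m", "vv": "w", "cl": "d", "0": "o", "1": "l", "3": "e", "5": "s"}


def normalize(label: str) -> str:
    label = label.lower()
    for lookalike, canonical in HOMOGLYPHS.items():
        label = label.replace(lookalike, canonical)
    return label


def damerau_levenshtein(a: str, b: str) -> int:
    """Optimal string alignment distance: one edit is an insert, delete,
    substitution, or swap of two adjacent characters (catches xzy vs xyz)."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def registrable_label(domain: str) -> str:
    """'xyz' for xyz.com or mail.xyz.com. Assumes a one-label public suffix;
    use a public-suffix list for .co.uk-style domains in production."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def classify_sender_domain(sender_domain: str, protected: list[str], max_distance: int = 2) -> str:
    """Return 'trusted', 'lookalike', or 'unrelated' for the domain after the @."""
    sender = sender_domain.lower().rstrip(".")
    for p in protected:
        p = p.lower()
        if sender == p or sender.endswith("." + p):
            return "trusted"  # our own domain or a subdomain of it
    s_label = normalize(registrable_label(sender))
    for p in protected:
        p_label = normalize(registrable_label(p))
        # Same label under a different TLD (xyz.co), our name embedded in
        # theirs (xyz-support.com), or within a couple of edits (xzy, xyzz).
        # Heuristic: a distance of 2 is generous for very short labels.
        if p_label in s_label or damerau_levenshtein(s_label, p_label) <= max_distance:
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    protected = ["xyz.com"]  # the MSP's own domain from the example
    for addr in ["abc@xyz.com", "abc@mail.xyz.com", "abc@xzy.com", "abc@xyzz.com",
                 "abc@xyz.co", "abc@xyz-support.com", "abc@example.org"]:
        print(f"{addr:<24} {classify_sender_domain(addr.split('@')[1], protected)}")
```

A gateway would run this over the domain of every inbound From address and route "lookalike" results to quarantine or tag them for the recipient; the "trusted" result on its own is not enough, because a compromised account (EAC) sends from a trusted domain.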

An unsuspecting MSP employee may read the email without looking closely at the domain and carry out its request, costing you thousands or millions of dollars.

In an EAC attempt, the cybercriminal gains access to and control of your legitimate business address, and the consequences can be severe. Not only do they have access to your sensitive information and correspondence; they can also use the legitimate address to send emails to business partners, vendors, and customers for financial fraud, and those messages pass sender authentication because they really do come from your mailbox.

The APWG recorded the worst-ever period for phishing in the first quarter of 2023, with 1,624,144 phishing attacks.

Three Steps of a Business Email Compromise Scam

A BEC scam occurs in three stages:

  1. The attackers select specific individuals and collect information about them. They may use the MSP's business contact directories, employees' LinkedIn profiles, or other online sources to find names, roles, and email addresses.
  2. Once the attackers have a list of people to target, they send emails containing malicious requests to those accounts. This includes impersonation, where attackers use lookalike addresses of senior management to target employees in critical business operations such as payroll, HR, and finance.
  3. If the recipient does not suspect anything and acts on the request, the BEC attempt succeeds, resulting in financial losses or a data breach for the managed service provider.

Ponemon Institute found that 54% of security incidents were caused by credential theft.

How to Prevent Business Email Compromise

If you are a managed service provider, you need several safeguards to prevent BEC and EAC attacks. Because both target email accounts, you must secure the following:

Business Email Compromise Training

Your employees play a vital role as your first line of defense against BEC. Train them to recognize the following.

Checking the Email and Domain Names

Make it a habit to check the sender's email address and domain name first. Managed service providers can avoid most of these frauds simply by checking the sender's name and the domain the message was sent from. Domain authentication (SPF, DKIM and DMARC), email security gateways, account protection, and content inspection solutions can automate this check and identify potential BEC threats.

Emails Requesting Information in Confidentiality

Attackers do not want anyone to scrutinize the request, so they ask the recipient to keep it confidential. Treat any such request as a potential BEC scam; a legitimate payment or data request should survive being checked with a colleague.

Language Errors and Spelling Mistakes

Always look out for spelling and grammatical errors. If the sentence structure seems off and the email does not read like the person it claims to come from, treat it as suspect. One caveat: well-resourced attackers write polished messages, so clean language alone does not prove an email is genuine.

Request to Bypass Protocols

If a CEO or CFO emails an employee asking them to bypass protocols and carry out a task on an urgent basis, this is another red flag and must be treated as a potential business email compromise attack.

Unusual Requests from Senior Management Executives

Train your employees to question any unusual request from senior management. For example, if an accountant receives an email from the CEO asking them to transfer funds immediately into a client's account, the recipient must treat it as a potential BEC or EAC attack and confirm it through a channel other than email, such as a phone call to a known number.
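The checks in this section can be automated as a first pass before a human looks at the message. The following is an added example, not from the original article or any TitanHQ product: it parses a raw message with Python's standard email library and flags executive display names on addresses the MSP does not own, Reply-To redirection, a missing DMARC pass for the MSP's own domain, and the confidentiality, urgency, bypass and payment language described above. The executive list, the xyz.com domain, and both sample messages are constructed for the example.

```python
"""Red-flag scoring for an inbound message, covering the training points above (added example)."""
from __future__ import annotations

import email
import re
from email import policy
from email.utils import parseaddr

OUR_DOMAIN = "xyz.com"                          # the MSP's domain from the example
EXECUTIVES = {"Jane Doe": "jane.doe@xyz.com"}    # constructed: names attackers impersonate

URGENCY = re.compile(r"\b(urgent(ly)?|immediately|right away|asap|within the hour)\b", re.I)
SECRECY = re.compile(r"\b(confidential(ity)?|between us|do not (discuss|tell|mention))\b", re.I)
BYPASS = re.compile(r"\b(skip|bypass|no need for)\b.{0,20}\b(approval|process|procedure|verification|protocol)s?\b", re.I)
PAYMENT = re.compile(r"\b(wire|transfer|payment|bank details|account number|gift cards?)\b", re.I)


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def bec_red_flags(raw: bytes) -> list[str]:
    """Return the list of red flags found in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    flags: list[str] = []

    name, addr = parseaddr(str(msg.get("From", "")))
    from_domain = domain_of(addr)

    # Display name of a known executive on an address we do not own.
    if name in EXECUTIVES and addr.lower() != EXECUTIVES[name].lower():
        flags.append("display-name impersonation")

    # Replies steered to a different domain than the visible sender.
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    if reply_to and domain_of(reply_to) != from_domain:
        flags.append("reply-to mismatch")

    # Authentication-Results as stamped by our own gateway (trust only that hop).
    auth = str(msg.get("Authentication-Results", "")).lower()
    if from_domain == OUR_DOMAIN and "dmarc=pass" not in auth:
        flags.append("our domain without dmarc=pass")  # spoofed From, or a broken DMARC setup
    elif "dmarc=fail" in auth:
        flags.append("dmarc=fail")

    # Social-engineering language in subject and plain-text body.
    body = msg.get_body(preferencelist=("plain",))
    text = str(msg.get("Subject", "")) + "\n" + (body.get_content() if body else "")
    for label, pattern in [("urgency", URGENCY), ("secrecy", SECRECY),
                           ("bypass protocol", BYPASS), ("payment request", PAYMENT)]:
        if pattern.search(text):
            flags.append(label)
    return flags


# Constructed sample messages, not real traffic.
SAMPLE_BEC = b"""From: Jane Doe <jane.doe@xzy.com>
To: accounts@xyz.com
Reply-To: Jane Doe <jane.ceo@mail-relay.example>
Subject: Quick favour
Authentication-Results: mx.xyz.com; spf=pass smtp.mailfrom=xzy.com; dkim=none; dmarc=none
Content-Type: text/plain; charset=utf-8

Hi, I need you to process an urgent wire transfer to a new client account.
Please keep this confidential and skip the usual approval, I will explain later.
"""

SAMPLE_CLEAN = b"""From: Jane Doe <jane.doe@xyz.com>
To: accounts@xyz.com
Subject: Meeting notes
Authentication-Results: mx.xyz.com; spf=pass smtp.mailfrom=xyz.com; dkim=pass header.d=xyz.com; dmarc=pass header.from=xyz.com
Content-Type: text/plain; charset=utf-8

Attached are the notes from this morning's meeting.
"""

if __name__ == "__main__":
    print("BEC sample:  ", bec_red_flags(SAMPLE_BEC))
    print("Clean sample:", bec_red_flags(SAMPLE_CLEAN))
```

Two or more flags on one message is a strong signal; a single language flag on its own is common in legitimate mail, which is why the sender and authentication checks carry the weight. Only trust an Authentication-Results header that your own gateway added, since an attacker can insert one of their own before the message arrives.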

Verizon’s 2023 DBIR found that 36% of all data breaches involved phishing.

Additional Tips to Prevent BEC Attacks

Some additional tips for managed service providers are as follows:

  • Be suspicious of any email requesting information, credentials, or payment.
  • Give your employees the confidence to ask for clarification, or to contact the alleged sender directly through a known phone number or in person, rather than by replying to the email.
  • Always follow the rule: if something sounds fishy, it probably is.
  • Cybercriminals try to instill a sense of urgency so the recipient complies immediately. The success of a BEC attack relies heavily on an MSP employee panicking and rushing to meet the email's demand. Train your employees to slow down and think twice before fulfilling any request received via email.

Hear from our Customers

SpamTitan lets me focus on more important matters

What do you like best about SpamTitan Email Security? I found SpamTitan via Reddit 2 years ago and I cannot tell you how much time it has saved me. I am the sole IT person for a company of around 100 employees and before SpamTitan there would be days where half of my morning, every morning, was sorting through questionable emails that looked like legit invoices but weren't. In the last year over 170k crap emails were stopped before reaching our mail servers. If I scanned every one of those emails manually with 1 minute scan time each, that's 118 DAYS worth of time SpamTitan has saved me. Their interface is to the point and not unnecessarily flashy. We use SpamTitan Cloud and it is FAST. I can pull up a week's worth of emails for all employees in 10 seconds and manually check if there was something blocked that shouldn't have been (rarely happens though). I can view suspicious emails without needing to download them first, and I can create custom block lists by domain or email address. And I actually just found a digest feature that lets me send all employees a quarantine report allowing them to unblock things they need from their own email without needing me to stop, find the email, and whitelist it. Our plan has a set number of emails but unlimited domains so we have 4 companies using SpamTitan all under the same plan. I can add or remove companies on my own without messing with our cost or needing assistance from SpamTitan support. Lastly, SpamTitan support staff are AMAZING. It's ridiculous how helpful and friendly they are. The most recent example being that my email host started acting up and emails were vanishing. SpamTitan support, as well as my account manager for SpamTitan, looked into our delivery logs and informed me what they saw on their end. They then went out of their way helping me understand how to set up another company's product to work with their own when they didn't have to. I love these guys.
The cost is absolutely worth the peace of mind and I'm a cheapskate to boot. I have never been happier with another company in my entire IT career. What problems is SpamTitan Email Security solving and how is that benefiting you? I'm saving time, money, and getting the benefit of virus scanning before email even reaches our own firewall and network. In IT the biggest security risk is always employees unfortunately. This cuts that risk down for email alone by I'd say at least 90%, making my job so much easier.

Benjamin J.

Director of Information Technology

Turnkey antispam solution with great value

What do you like best about SpamTitan Email Security? As an MSP we love that we can add new client domains to go through our SpamTitan Private Cloud setup in no more than a few minutes. The general settings cover 95% of our use cases and from then on SpamTitan allows us to customize extensively per domain/user. We also love that new features are being added periodically (at no additional cost), giving SpamTitan great value. What problems is SpamTitan Email Security solving and how is that benefiting you? We looked at a number of cloud-based antispam solutions and SpamTitan looks to be the one with the best value overall.

Mundo A.

CEO

Great Hassle Free Spam Filtering

What do you like best about SpamTitan Email Security? The interface and backend makes it easy for all of our staff to manage spam- before we ran on a Sonicwall email security appliance that would randomly crash, and was slow. Being able to deploy SpamTitan as a VM with clustering features for both of our sites has been a life saver. We hardly ever see spam get through, and when it does, we make sure that we forward it on to the spambank and then it is never a problem again. Recommendations to others considering SpamTitan Email Security: Make use of SpamTitan support- they are fast, friendly and always happy to help. What problems is SpamTitan Email Security solving and how is that benefiting you? Much less spam on our already strained exchange server. Also a good guard against exchange going down, all mail gets held at the spam filter until it comes back up.

Irfan A.

Systems Administrator

A product that does a great job

What do you like best about SpamTitan Email Security? I really like the customization that is available for this product. We have total control over the spam filter environment for all our customers. The environment is stable, which is very important to us and our customers. The support staff was great when we were getting our environment configured. They were quick to reply to emails and reach out to assist us as needed. The spam filtering is top-notch and much better than other products we have used. Recommendations to others considering SpamTitan Email Security: Look no further. Product and support are outstanding. What problems is SpamTitan Email Security solving and how is that benefiting you? Our previous product was not stable and didn't filter out spam as well as we wanted. This tool exceeds our expectations!

Jeffery B.

Partner

Antispam that is affordable, flexible and powerful

Spam filtering was costing us a lot of money, and then the vendor said we had to replace their appliance with a new one (about $3000 just for the appliance). SpamTitan costs much less per year, and we'll never have to replace an appliance again. We got SpamTitan's clustered solution, so we have a second VM running at our DR site, the two sync (or re-sync if there has been an outage), giving us load-balancing and fault-tolerance, and at a still significant savings.

Mike S.

Manager of Information Technology

BEC Prevention with SpamTitan Plus+

If you are a managed service provider without BEC prevention controls in place, we at TitanHQ can help. We offer SpamTitan Plus+, comprehensive anti-phishing protection designed to prevent BEC and EAC attacks. Book a free SpamTitan Plus+ demo to see it in action with one of our experts and ask any questions you have about protecting your MSP business.

Susan Morrow

  • DATA PROTECTION
  • EMAIL PHISHING
  • EMAIL SECURITY

Talk to our Team today

Frequently Asked Questions (FAQs)

What is an Email Phishing Filter?

Cyber-criminals use phishing email messages to steal corporate network credentials or install malware on a user’s local machine. An email phishing filter blocks malicious messages from reaching the intended recipient and protects an organization from data breaches and insider threats. For every email blocked by an email phishing filter, an organization reduces its cyber risks.

What are Good Anti-Phishing Solutions?

Anti-phishing solutions must block malicious email messages from reaching their intended recipient. Organizations can implement failsafe options such as antivirus in case of a false negative, but a good anti-phishing solution uses artificial intelligence to block sophisticated zero-day attacks. PhishTitan is a proven well-rated anti-spam solution used by enterprises and managed service providers.

What Does a Phishing Filter Do?

Instead of allowing users to receive spam and malicious email messages, a phishing filter blocks phishing, malware, or email messages with malicious attachments from reaching the intended recipient. Artificial intelligence (AI) is used to detect malicious messages, including zero-day threats. Malicious messages are sent to a quarantine section where administrators can review them.

Which Products Help Protect Users Who are Prone to Clicking on Phishing Scams?

There are two ways to prevent users from clicking on phishing emails. The first is to prevent malicious emails from arriving in the inbox in the first place. The second is to provide point-of-click protection for users who accidentally click on malicious emails that get through. Adequately protecting your organization against phishing threats requires a multi-layered defense.

Does Filtering Phishing Emails Work?

Yes! The vast majority of phishing emails carry tell-tale signs of malicious intent. Technologies like SPF, DKIM, and DMARC let a receiving mail system verify that a message was sent by a server the sender's domain authorizes and was not altered in transit, and filter or reject messages that fail, including spoofed messages a human reader would not recognize. They do not, however, stop a lookalike domain that the attacker owns and has configured correctly, nor a message sent from a genuinely compromised account, which is why sender checks and content inspection are still needed.
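The protection these records give depends on how they are configured, and a weak record is common. As an added example (not part of the original FAQ, and not TitanHQ code), the following script lints SPF and DMARC TXT records for the settings that let spoofed mail through and compares a weak pair of records with a hardened pair. The records are constructed strings rather than live DNS lookups; run it against the TXT records of your own domain to see where your policy stands.

```python
"""Lint SPF and DMARC records for the weak settings that let spoofed mail through (added example)."""
from __future__ import annotations

import re

# Mechanisms and the redirect modifier that each cost one DNS lookup (RFC 7208 caps these at 10).
LOOKUP_TERM = re.compile(r"^[+\-~?]?(include|a|mx|ptr|exists)(?:[:/]|$)|^redirect=", re.I)


def lint_spf(record: str | None) -> list[str]:
    if not record or not record.strip():
        return ["no SPF record: receivers cannot tell which servers may send for this domain"]
    terms = record.split()
    issues: list[str] = []
    if terms[0].lower() != "v=spf1":
        issues.append("record does not start with v=spf1")
    last = terms[-1].lower()
    if last in ("+all", "all"):
        issues.append("+all: any host on the internet may send as this domain")
    elif last == "?all":
        issues.append("?all: neutral result, effectively no policy")
    elif last == "~all":
        issues.append("~all: softfail only; use -all once every legitimate sender is listed")
    elif last != "-all":
        issues.append("no terminal 'all' mechanism, unlisted senders get a neutral result")
    lookups = sum(1 for t in terms if LOOKUP_TERM.match(t))
    if lookups > 10:
        issues.append(f"{lookups} DNS-lookup terms: exceeds the limit of 10, evaluates to permerror")
    return issues


def parse_dmarc(record: str) -> dict[str, str]:
    tags: dict[str, str] = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def lint_dmarc(record: str | None) -> list[str]:
    if not record or not record.strip():
        return ["no DMARC record: SPF/DKIM results are never enforced against the From domain"]
    tags = parse_dmarc(record)
    issues: list[str] = []
    if tags.get("v", "").upper() != "DMARC1":
        issues.append("missing or invalid v=DMARC1 tag")
    policy = tags.get("p", "").lower()
    if policy == "none":
        issues.append("p=none: failures are reported but delivered anyway")
    elif policy == "quarantine":
        issues.append("p=quarantine: spoofed mail still reaches spam folders; move to p=reject")
    elif policy != "reject":
        issues.append("p tag missing or unrecognised; record is invalid")
    pct = tags.get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        issues.append(f"pct={pct}: policy applied to only {pct}% of failing messages")
    if "sp" in tags and tags["sp"].lower() != "reject":
        issues.append(f"sp={tags['sp']}: subdomains get a weaker policy than the apex domain")
    if "rua" not in tags:
        issues.append("no rua: no aggregate reports, so spoofing of this domain goes unseen")
    return issues


# Constructed records for an MSP domain, weak versus hardened.
WEAK_SPF = "v=spf1 include:_spf.example.net a mx ~all"
WEAK_DMARC = "v=DMARC1; p=none; pct=50"
HARDENED_SPF = "v=spf1 include:_spf.example.net -all"
HARDENED_DMARC = "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc@xyz.com; adkim=s; aspf=s"

if __name__ == "__main__":
    for label, spf, dmarc in [("weak", WEAK_SPF, WEAK_DMARC), ("hardened", HARDENED_SPF, HARDENED_DMARC)]:
        print(label, "SPF:  ", lint_spf(spf) or "ok")
        print(label, "DMARC:", lint_dmarc(dmarc) or "ok")
```

Move from p=none to p=reject only after the aggregate (rua) reports show every legitimate sending service passing aligned SPF or DKIM, otherwise your own invoices get rejected along with the attacker's.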

What Happens when Phishing Filters Incorrectly Block an Incoming Email?

False positives happen when security technologies incorrectly flag legitimate data as malicious. This risk comes with all security solutions – not just phishing filters. However, high-quality security products produce fewer false positives than lower-quality competitors.

What Separates the Best Anti-Phishing Solutions from the Rest?

High-quality anti-phishing solutions must protect email users by preventing malicious emails from entering their inboxes, and providing point-of-click protection against malicious URLs and attachments embedded in emails. These two features are essential for adequate email security.

Doesn’t Microsoft 365 Already Have the Best Anti-Phishing Solutions Built in?

Microsoft is responsible for many impressive security technologies, but phishing protection is not one of them. Microsoft 365 doesn’t consistently keep phishing emails out of users’ inboxes and doesn’t offer reliable point-of-click protection to prevent malware infection. As a result, Microsoft 365 users need more protection.

Can Anti-Phishing for Email Prevent Every Fraudulent Message?

Cybercriminals are constantly innovating new ways to commit fraud. Security solutions are only partially foolproof. However, organizations that invest in high-quality technology backed by reputable vendors have a much better security posture than those that don’t.

What is the Best Phishing Protection?

The PhishTitan email filtering solution is a proven cybersecurity tool used by several TitanHQ enterprise customers and managed service providers. It’s well-rated across several sites, and customers praise its ease of use, customer support, and flexibility. PhishTitan is one of the top email filter solutions on the market, and it currently provides protection for large and small businesses.

What is the Best Anti-Phishing Strategy?

Security awareness training is essential for cybersecurity, but relying on users to recognize phishing adds the risk of a data breach from insider threats. Instead of relying on users to recognize phishing, the best anti-phishing strategy is to incorporate an email filtering solution that blocks malicious messages from reaching their intended employee recipients.

What is Anti-Phishing?

Phishing is one of the largest threats to an enterprise environment, so anti-phishing strategies aim to stop phishing messages from resulting in a data breach. An anti-phishing solution stops malicious email messages from reaching employee inboxes, so corporations significantly reduce their cyber risk by implementing an email filtering solution. Email filtering solutions such as PhishTitan stop malicious messages before they can cause a data breach.

What Features are in the Best Anti-Phishing Software?

As you search for the best anti-phishing software, look for a solution with features such as artificial intelligence, flexible configuration, notifications that help users, security awareness training integrated with the filtering solution, good customer support, and support for any operating system. Anti-phishing software such as PhishTitan adds a layer of security for compliance and data protection.

Do I Need Malware and Phishing Protection?

Any organization that stores sensitive data needs malware and phishing protection. Most organizations have at least some digital assets, so anti-phishing and malware protection are necessary. Malware and phishing are the biggest threats to business data privacy and protection, but the right cybersecurity strategies and email filtering solutions will help reduce the risk of a data breach from these threats.

How can Phishing Solutions Help with Data Protection?

A phishing solution detects any malicious message used for phishing or delivery of malware from an attachment and sends it to a quarantine. Phishing solutions reduce the risks of an enterprise being the victim of a data breach or critical downtime from a ransomware attack. Without phishing solutions, organizations must rely on employees to detect malicious messages, and this increases the risks of a data breach.

Will Email Phishing Solutions Protect my Data?

Every enterprise should use layered cybersecurity strategies. Email phishing solutions are one layer, but this layer is the first defense against malicious email messages. An email phishing filtering solution blocks malicious messages from reaching an employee’s inbox, which removes the threat of phishing altogether. Be prepared for false negatives, but phishing filters block malicious messages from reaching employee inboxes a majority of the time.

What Does Phishing Email Protection Do?

A phishing email protection solution blocks malware, ransomware, malicious scripts, and messages containing embedded links pointing to a phishing website from being sent to employee inboxes. By blocking malicious email messages, organizations reduce the risks of a data breach from email-based threats and add a layer of security to a data protection strategy.

What Does Anti-Spear Phishing Do?

Spear phishing threats target specific high-privileged users within an organization. An anti-spear phishing solution blocks spear phishing messages from reaching employee inboxes. Organizations should use anti-spear phishing software to protect data from email-based attacks and insider threats. Without anti-spear phishing, stolen high-privileged credentials could lead to a massive data breach.

Do Phishing Filters Block Ransomware?

The primary delivery method for ransomware is email. Using targeted spear phishing, attackers send malicious attachments to users or trick them into downloading ransomware from an attacker-controlled domain. Phishing filters quarantine messages meant to deliver ransomware to an organization's employees. Employees never see the messages, but administrators can review them in quarantine.

What are the Best Anti-Phishing Solutions?

Several anti-phishing solutions offer features to block messages, but only PhishTitan is a proven highly rated anti-phishing solution that blocks most phishing and malware threats sent using email. PhishTitan closely works with security awareness training solutions to gamify phishing alerts and remove responsibility from employees to help protect them from being the next victim.

What Phishing Filter is Related to SafeTitan?

SafeTitan is TitanHQ's security awareness training solution, and PhishTitan is TitanHQ's email security software. They are related but different products. Together they give organizations an effective way to train employees to identify a phishing threat while automatically blocking phishing threats using artificial intelligence, so that fewer malicious messages reach inboxes.

What is Phishing Filter Technology?

Phishing filter technology analyzes incoming organization email messages and uses artificial intelligence to detect potential threats. If a message is considered a threat, the phishing filter technology sends it to a quarantine where administrators can review it. Standard business email is sent to the intended recipient. By blocking malicious messages, organizations greatly reduce the risks of a data breach from malware, ransomware, and phishing sent in emails.

Do I Need Anti-Phishing for Email?

Phishing threats are the start of many of the world’s most damaging ransomware and data breaches. Anti-phishing for email blocks malicious messages from reaching the inboxes of targeted employees that could turn into victims of ransomware, phishing, malware, and other threats. By blocking email messages from reaching user inboxes, the organization protects data from many of today’s current threats and tomorrow’s zero-day threats.