A Guide for MSPs to Prevent Business Email Compromise (BEC)

Managed service providers (MSPs) are a high target for cybercriminals. Whether your organization provides networking, infrastructure, security, or application services, it is critical for you to secure your business and data centers from business email compromise attempts.

This post will provide valuable insight into BEC, how it works and what you can do to prevent your company from this cybercrime.

 

Business Email Compromise: An Overview

BEC is a cyber attack that targets your business emails. The aim of cybercriminals is to defraud manager service providers by compromising your business email accounts and stealing valuable information.

According to the FBI's IC3 report, from May 2018 to July 2019, there has been a 100% increase in business losses due to BEC. The report further identifies 166,349 BEC incidents between 2016 and 2019, costing over $26 billion in domestic and international losses.

As businesses move to cloud-based data processing models, cybercriminals have developed sophisticated scams to take over your business email accounts. This is known as Email Account Compromise or EAC and is used for BEC scams.

You cannot always identify and prevent business email compromise attempts with traditional tools. However, understanding how it works can help you deploy a solution that is right for MSP operations.

 

Common BEC Scams You Must Understand

There are five common types of business email compromise scams that MSPs are vulnerable to, which are:

Email Accounts Compromise

In this type of BEC fraud, cybercriminals will hack your business email account and use it to email your vendors requesting payments. These payments go into fake bank accounts instead of your company's account.

 

Impersonations

An impersonator will pretend to be a CEO or senior executive of an MSP sending out an email to an individual.

For example, a cybercriminal will hack a CEO's email address and send an email to an employee in the finance department asking for a quick money transfer to a client’s account for an important business deal. The unsuspecting employee will oblige and execute the transfer.

Another example is sending out fake invoices to international suppliers acting as MSPs. The cyber attackers will act as a managed service provider requesting suppliers to transfer funds, but the money will go to fake or fraudulent bank accounts.

An attacker can also pretend to be an attorney working for managed service providers and send an email to a junior-level employee requesting information for contracts and other financial details. The unsuspecting employee will fulfill the request and hand over the information that will be further used for other crimes. This is also known as spear phishing.

 

Malware Attacks

Malware is software that can gain complete access to your systems or the entire network. The attackers will use this to steal valuable data, including financial account details, login ids, and passwords—the criminals with further use this information to initiate other forms of business email compromise frauds.

 

How Does BEC Work?

BEC is a form of attack using various social engineering and impersonation tactics to trick unsuspecting employees of a managed service provider into handover the information. This form of fraud is hard to detect, and you will mostly find out after the scam has been successful.

Hacking MSP's email accounts and creating lookalike emails and domain names are the common methods criminals use to trick targets into abiding by the malicious requests.

For example, your company's name is ABC, and the domain you use is xyz.com. Therefore, your email is abc@xyz.com.  The cybercriminal may play with words a little bit and create a similar email id that looks like abc@xzy.com or abc@xyzz.com.

An unsuspecting employee working for MSP may simply read the email without looking at the domain and fulfilling the email's request, costing you thousands or millions of dollars.

In an EAC attempt, a cybercriminal gains access and control of your legitimate business address, and the consequences can be severe. Because not only do they have access to your sensitive information and correspondences, but they can also use the legit email id to send emails to business partners, vendors, and customers for financial frauds.

 

Three Steps of a Business Email Compromise Scam

A BEC scam occurs in four stages which are:

1. The attackers will target specific individuals and start collecting information. The cyber attackers may use MSP's business contact directories and LinkedIn profiles of employees or search other online portals for valuable contact information and email ids.
2. Once the attackers have a complete database of people they wish to target, they will send out a spam email to all of the email accounts containing malicious requests. This also includes impersonation, where attackers will use lookalikes emails of senior management to target employees working in critical business operations, including payroll, HR, and finance.
3. If the recipient does not suspect anything, this successful BEC attempt can result in financial losses and data breaches for managed service providers.

 

How to Prevent Business Email Compromise

If you are a managed service provider, you will require several safeguards to prevent any BEC and EAC attacks. As BEC and EAC target the email addresses, you must secure the following:

Business Email Compromise Training

Your employees will play a vital role and be your first line of defense to prevent any BEC attacks. Therefore, you must train your employees to identify the following.

 

Checking the Email and Domain Names

Make it a habit to first check the email address and domain names. Managed service providers can avoid most frauds by simply checking the email sender’s name and domain it was sent. This is where you can use solutions such as domain authentication, email security, account protection, and content inspection solutions to identify potential BEC threats.

Emails Requesting Information in Confidentiality

Attackers would not want anyone to suspect a BEC attack or fraud attempt. Therefore, they would ask the recipient employee of a managed service provider to maintain the confidentiality of the request mentioned in the email. Any such request is a potential BEC scam.

Language Errors and Spelling Mistakes

You must always look out for spelling and grammatical errors in emails. The sentence structure seems off and feels as if a non-native speaker has written the email; it is most likely a false one.

Request to Bypass Protocols

If a CEO or CFO sends an email to an employee to bypass protocols and carry out a task on an urgent basis, this is another red flag and must be treated as a business email compromise attack.

Unusual Requests from Senior Management Executives

Train your employees to question any unusual requests from senior management employees. For example, if an accountant receives an email from a CEO to transfer the funds immediately into a client's account. This is a red flag, and the recipient employee must treat it as a potential BEC or EAC attack.

 

Additional Tips to Prevent BEC Attacks

Some additional tips for managed service providers are as follows:

• Always be suspicious when dealing with emails requesting any kind of information.
• Give your employees confidence and not feel shy be asking for clarification or get in touch personally to confirm the request from the alleged sender of the email.
• Always follow the rule; if something sounds fishy, it probably is.
• Cybercriminals will always try to instill a sense of urgency in the recipient to comply with the request immediately. The success of a BEC attack heavily relies on an MSP employee to panic and rush to cater to the email's request. Therefore, you must train your employee to relax and think twice before fulfilling any request received via email.

 

BEC Prevention with SpamTitan Plus+

If you are managed service providers without any BEC prevention protocols, we at TitanHQ can help. We offer SpamTitan Plus+ comprehensive anti-phishing protection to prevent any BEC and EAC attacks. Book a free SpamTitan Plus+ demo to see it in action with our expert and ask any questions you may have regarding the protection of your MSP business.