BEC emails are the top concern for most big companies. These phishing emails operate without links and attachments, two of the flags which can mark malicious messages. They also work off the power structures in a company, using the names of key players, customers, and even board members to trick employees into doing things like transferring money.
BEC attacks leverage and manipulate trust in several ways:
- Domain spoof: An email seems to originate within the target user’s own company or partner domains that the company transacts business with.
- Name spoof: The swindler poses as a known, trusted, and powerful individual, such as the CEO or other similar executive. This not only grabs immediate attention, it commands priority. A name spoof combined with a job title spoof goes to the very front of the queue.
- Domain proximity: The company’s domain address might be registered or hosted on any number of providers, with just one or two letters slightly different. This seemingly minor detail is easily overlooked by a user intent on doing their executive’s bidding; for example, a name may be spelled “buslness.com” rather than “business.com” (note the upper case ‘l’ instead of ‘i’).
- Attributes spoof: The body or email headers are obfuscated, and can feature a copycat logo, logotype, brand name, or other recognizable identifier to win trust and make it appear safe for the target to take action.