Published on 06 Nov 2020 | Updated on 03 Nov 2022
Joint Advisory by Cyber Security Agency of Singapore (CSA) and Microsoft
There has been an increasing trend of Business Email Compromise (BEC) attacks reported to SingCERT. Some of these reports relate to Microsoft 365; Microsoft's platforms are often targeted by criminals in BEC attacks because they are commonly used by businesses. Enterprises need to protect themselves from such attacks by raising cybersecurity awareness and promoting the adoption of good cyber hygiene practices among their employees.
What is BEC? A BEC is an email-based fraud technique that is designed to gain access to critical business information or extract money through fraudulent requests for payment or wire transfer. The most common method used by BEC attackers is the impersonation of a company's CEO, business partner or a known contact of the victim, using a spoofed email account to send the request. There have also been instances of BEC that utilised compromised employees' enterprise email accounts. Email accounts can be compromised in a variety of ways, including phishing attacks, credential stuffing attacks that reuse data from past data breaches and credential dumps, and the harvesting of possible account information of victims from social media platforms.
As more businesses go online, cybercriminals have more opportunities to launch BEC attacks and other cybercrimes. Cybercriminals are also adept at changing their social engineering schemes to reflect current events. As enterprises are the primary targets for such scams, they need to be vigilant and take precautionary measures to guard against BEC attacks.
How do you protect your enterprise against BEC? Protection against BEC requires a multi-tier approach to be effective. Enterprises can consider adopting the following recommendations to protect themselves from a BEC attack:
For Enterprise Owners
As BEC attacks rely heavily on social engineering tactics, enterprise owners are advised to do the following:
Promote a Culture of (Cyber) Vigilance Among Employees
Implement Additional Verification Process for Finance-related Requests
Implement a secondary confirmation* process to verify the authenticity of finance-related requests, including funds transfer, change of supplier or vendor bank account, and invoice payment
*This secondary confirmation should be via a different medium (e.g. phone call or text message) to prevent direct communications with the criminal, in the event the email account has been compromised.
For Enterprise IT Teams
Enterprises can strengthen their IT infrastructure posture to prevent spoofed emails from reaching their employees by implementing the following:
Block Malicious or Spoofed Emails
If your enterprise is using Microsoft 365, you can:
Implement filters at the email gateway to filter out emails with known malware spamming indicators and block suspicious IP addresses at the firewall.
Use free email authentication tools such as Domain-based Message Authentication, Reporting and Conformance (DMARC), which can help detect spoofed emails.
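To show how DMARC lets a receiving mail server detect a spoofed sender, the following added example (not code from CSA, Microsoft or any DMARC library) parses a DMARC TXT record and applies the identifier-alignment rule: a message passes only if SPF or DKIM passed for a domain aligned with the visible From domain. The DMARC records and authentication results are constructed sample data; no DNS lookups are made, and the organizational-domain helper is a simplification that a real receiver would replace with a Public Suffix List lookup.

```python
"""Illustrative DMARC evaluation for one message (added example, not CSA/Microsoft code).

A domain owner publishes a DMARC policy as a TXT record at _dmarc.<domain>. A receiver
checks whether SPF or DKIM authenticated a domain that is *aligned* with the RFC 5322
From domain; if neither is aligned, the policy (p=none / quarantine / reject) applies.
"""

# Constructed sample DMARC TXT records, keyed by the domain they would be published for.
SAMPLE_DMARC_RECORDS = {
    "example.com": "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-reports@example.com",
    "example.org": "v=DMARC1; p=none; rua=mailto:dmarc@example.org",
}


def parse_dmarc_record(txt):
    """Parse a DMARC TXT record into a dict of tags, filling in RFC 7489 defaults."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    tags.setdefault("adkim", "r")   # DKIM alignment mode: relaxed by default
    tags.setdefault("aspf", "r")    # SPF alignment mode: relaxed by default
    tags.setdefault("sp", tags["p"])  # subdomain policy defaults to the domain policy
    return tags


def organizational_domain(domain):
    """Approximate the organizational domain as the last two labels.

    Simplification for the example: real receivers consult the Public Suffix List
    so that e.g. 'example.co.uk' is handled correctly.
    """
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain, from_domain, mode):
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r') the same org domain."""
    if not auth_domain:
        return False
    auth_domain, from_domain = auth_domain.lower(), from_domain.lower()
    if mode == "s":
        return auth_domain == from_domain
    return organizational_domain(auth_domain) == organizational_domain(from_domain)


def evaluate_dmarc(from_domain, spf_result, spf_domain, dkim_result, dkim_domain,
                   records=SAMPLE_DMARC_RECORDS):
    """Return (dmarc_result, disposition) for one message.

    spf_domain  - the MAIL FROM (envelope sender) domain that SPF evaluated
    dkim_domain - the d= tag of the DKIM signature that verified, or None
    """
    txt = records.get(from_domain)  # sample: exact-domain lookup, no org-domain fallback
    if txt is None:
        return ("none", "none")     # domain publishes no policy; receiver applies local rules
    policy = parse_dmarc_record(txt)
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, policy["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, policy["adkim"])
    if spf_ok or dkim_ok:
        return ("pass", "none")
    return ("fail", policy["p"])


if __name__ == "__main__":
    # A spoof: From example.com, but SPF only passed for the sender's own infrastructure.
    print(evaluate_dmarc("example.com", "pass", "mailer.badexample.net", "none", None))
    # Legitimate mail from a bounce subdomain; relaxed SPF alignment accepts it.
    print(evaluate_dmarc("example.com", "pass", "bounce.example.com", "none", None))
```

The last case is why DMARC is only as strong as the published policy: a domain at `p=none` still reports spoofing but tells receivers to deliver it, so enterprises should move to `quarantine` or `reject` once their legitimate mail sources are aligned.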
Implement Strong Password Policies
Enable multi-factor authentication (MFA) where possible for enhanced security, especially for employees with the authority to authorise payment – For users of Microsoft 365, visit this link for information on how to enable the MFA.
Maintain System Hygiene
Employees have a key role to play in thwarting BEC attempts.
Inspect suspicious / urgent emails closely
Typically, phishing campaigns’ emails will sound urgent and list dire consequences if the recipient does not act promptly. BEC-type emails may also ask the recipient to change the designated account for receiving wire payments.
Seek confirmation using a different medium (e.g. phone call or text message) before proceeding with an important instruction that was sent via email. Report any suspicious phishing email to your administrator and do not click on any links or open any attachments from the email.
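The inspection advice above can be turned into a triage check that a mail administrator or security team runs over reported messages. The following added example (not CSA or Microsoft code) reads a raw message with Python's standard `email` module and flags the indicators the advisory describes: a failing DMARC/SPF/DKIM result in the Authentication-Results header, a Reply-To domain that differs from the From domain, a display name matching a known internal sender but sent from another address, and urgent payment language. The internal domain, the known-sender list and both sample messages are constructed for the example.

```python
"""BEC indicator triage over a reported message (added example, not CSA/Microsoft code)."""
import email
import re
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"  # assumption: the enterprise's own mail domain
# Constructed mapping of display names a BEC lure commonly impersonates to their real addresses.
KNOWN_SENDERS = {"jane doe": "jane.doe@example.com"}
# Phrases typical of the urgency / payment-redirection pattern described in the advisory.
URGENCY_TERMS = ("urgent", "immediately", "asap", "wire", "change of bank", "new account details")


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def body_text(msg):
    """Collect the text/plain parts of a message (or the whole payload if not multipart)."""
    if not msg.is_multipart():
        return msg.get_payload()
    return " ".join(p.get_payload() for p in msg.walk()
                    if p.get_content_type() == "text/plain")


def triage_message(raw):
    """Return a list of human-readable BEC indicators found in the raw RFC 5322 message."""
    msg = email.message_from_string(raw)
    findings = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_dom = domain_of(from_addr)

    # 1. Authentication results recorded by the receiving MTA.
    auth = msg.get("Authentication-Results", "")
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if m and m.group(1).lower() not in ("pass", "none"):
            findings.append(f"{mech} result is {m.group(1)}")

    # 2. Replies silently redirected to a different domain.
    if reply_addr and domain_of(reply_addr) != from_dom:
        findings.append(f"Reply-To domain {domain_of(reply_addr)} differs from From domain {from_dom}")

    # 3. Display-name impersonation of a known internal sender.
    key = from_name.strip().lower()
    if key in KNOWN_SENDERS and from_addr.lower() != KNOWN_SENDERS[key]:
        findings.append(f"display name '{from_name}' matches a known internal sender but address is {from_addr}")

    # 4. Urgency and payment-change wording in subject or body.
    text = (msg.get("Subject", "") + " " + body_text(msg)).lower()
    hits = [t for t in URGENCY_TERMS if t in text]
    if hits:
        findings.append("urgency/payment language: " + ", ".join(hits))
    return findings


# Constructed sample lure: lookalike domain, redirected Reply-To, DMARC failure, urgency.
SAMPLE_LURE = """\
From: Jane Doe <jane.doe@example-corp.co>
Reply-To: jane.doe.ceo@mail-example.net
To: accounts@example.com
Subject: Urgent wire transfer needed today
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example-corp.co; dkim=none; dmarc=fail header.from=example-corp.co
Content-Type: text/plain

Please process this immediately; the supplier has new account details. I am in a meeting, do not call.
"""

# Constructed sample legitimate message from the real internal sender.
SAMPLE_CLEAN = """\
From: Jane Doe <jane.doe@example.com>
To: accounts@example.com
Subject: Minutes from Monday
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
Content-Type: text/plain

Attached are the minutes. Thanks.
"""

if __name__ == "__main__":
    for line in triage_message(SAMPLE_LURE):
        print("-", line)
    print("clean message findings:", triage_message(SAMPLE_CLEAN))
```

None of these indicators proves fraud on its own, which is why the advisory pairs inspection with out-of-band confirmation: the triage output tells the recipient or administrator which messages warrant a phone call before any payment instruction is acted on.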
Enterprises using services from Microsoft 365 are encouraged to refer to the additional weblinks and online product documentation for information on implementing measures to allow employees to report junk and phishing email in Outlook, and to enable MFA for an additional layer of security for sign-ins.
More information is available at: https://docs.microsoft.com/en-us/microsoft-365/?view=o365-worldwide