IM_Advisor_Blog_LogoIM_Advisor_Blog_Logo
  • Home
  • Technology Updates
    • Cloud
    • Cyber Security
    • Data Capture / POS
    • Digital Signage
    • Networking & Communications
    • Physical Security
    • Server & Storage
    • Software & Virtualization
    • Training & Professional Services
  • Social Stream Wall
  • Resource Center
  • IM Country Websites
    • United Arab Emirates
    • Egypt
    • Saudi Arabia
    • Morocco
    • Turkey
    • Turkey (Armada)
    • Lebanon
    • Pakistan
    • South Africa
  • Contact Us

Follow Us

top-view-lock-black-computer-keyboard_181624-14452

Tags:cybercyberattackcybersecurity

Egypt Heralds A New Era of Data Protection with the Personal Data Protection Law, 2020

  • 50
  • 0
  • 0
tiny-people-businessman-with-shield-protecting-data-laptop-data-privacy-information-privacy-regulation-personal-data-protection-concept-bright-vibrant-violet-

Tags:cybercyberattackcybersecurity

3 PCI DSS Fallacies Demystified

  • 60
  • 0
  • 0
BLog IBM

Tags:#Cloud#IBM#Innovation

Just another data platform or Breakthrough? IBM Cloud Pak For Data

  • 95
  • 0
  • 0
Data blog image

Tags:cryptologycyber attackscyber risk

Data Security

  • 63
  • 0
  • 0
  1. Home
  2. Cyber Security
  • Cyber Security
  • Ingram Micro METAIngram Micro META
  • 71
  • 0
  • 0

Business Email Compromise

Account compromise may occur due to a malware or phishing or via social engineering attack where the perpetrator Impersonates IT personnel in the target user’s company and the user discloses credentials without further verification.

security-concept-illustration_114360-1528
0
SHARES
PostTweetShareWhatsapp
Post Published On:

Business Email Compromise (BEC) has surpassed ransomware and currently tops the list of cyber threats in terms of financial loss and victims as per Federal Bureau of Investigation (FBI) and American International Group (AIG). BEC targets individuals and businesses who are authorized to perform fund transfers and deceives them into performing fraudulent fund transfers and/or Data Theft.

Below are some BEC attack scenarios: Scenario 1 – Change payroll account information Attacker sends spoofed email impersonating an employee to the HR to change the salary account details to Attacker’s account number. Salary account details are modified by the HR based on the mail.

Scenario 2 – Authorize a fund transfer impersonating a high-profile executive or an authorized user
Attacker sends a spoofed email impersonating to be a high-profile executive or an authorized user, requesting the finance department to initiate a fund
transfer to attacker’s account. Based on this email, the finance department performs the transfer to the attacker’s account without further checks.

Scenario 3 – Account compromise
Account compromise may occur due to a malware or phishing or via social engineering attack where the perpetrator Impersonates IT personnel in the target user’s company and the user discloses credentials without further verification. Attacker connects to authorized user’s email account with the compromised credentials and sends an email to transfer funds to attacker’s account number.

Best Practices for Protection against BEC
✓ Periodic Cyber Security awareness programs
✓ Multi Factor Authentication – protection against static password Compromise
✓ Web Security (web proxy) – to prevent access to bad websites and block unauthorized downloads
✓ Mail security – Protection against email threats
✓ Enable email to display complete email address instead of only names
✓ Use dual authorization to verify the authenticity for requests related to sensitive data modification
✓ Prevent users from installing or running unauthorized software
✓ Do not share login credentials or Personally Identifiable Information (PII) Data with others
✓ Do not store login credentials in plain text
✓ Do not click on the links on email without verifying the link.
✓ Deploy Latest version of Anti-Virus (AV) along with Endpoint Detection and Response (EDR) for endpoints
✓ Share sensitive documents in a secured way such as secure file share, encrypted transfer etc
✓ Cyber Insurance with BEC Protection

Feel free to comment below for any questions or clarifications and we’ll be happy to assist you.

You May Also Like

top-view-lock-black-computer-keyboard_181624-14452

Egypt Heralds A New Era of Data Protection with the Personal Data Protection Law, 2020

  • 50
  • 0
  • 0
tiny-people-businessman-with-shield-protecting-data-laptop-data-privacy-information-privacy-regulation-personal-data-protection-concept-bright-vibrant-violet-

3 PCI DSS Fallacies Demystified

  • 60
  • 0
  • 0
Data blog image

Data Security

  • 63
  • 0
  • 0


Ingram Micro META Ingram Micro Cyber Security Ingram Micro Services Ingram Micro Cloud Ingram Micro Inc.
Homepage Homepage Homepage Homepage Homepage
Company Overview Consultancy Services Professional Services Become a Reseller Executive Leadership
Executive Officers Assessment Services Training Services Cloud Marketplace Board of Directors
Become a Reseller Training Schedule Training Portfolio Cloud Events Social Responsibility
Corporate Newsroom Cyber Security Solutions Training Resources IM Cloud Blog Awards
Contact Us Contact Us Contact IM Training Cloud Support History

Copyright © 2020 Ingram Micro META. All rights reserved. Opinions expressed on this publicly available site and any follow-on comments are the personal opinions of the author(s) and not of Ingram Micro Inc., its business units worldwide, employees, officers or directors. The content is informational only and is not an endorsement by Ingram Micro Inc., its business units worldwide, employees, officers or directors.

  • Home
  • About Us
  • Become a Reseller
  • Ingram Micro Careers
  • Contact Us