How does it attack your business and how can you prevent it?
Netpoleon, a leading provider of integrated security, networking solutions and value added services, publishes the report “Business Email Compromise (BEC): How does it attack your business and how can you prevent it?”. The report was written by Macnica Networks Corp. that is the parent company of Netpoleon and analyzes threats targeting Asia’s organizations and provides security solutions in Japan.
This report summarizes the reality of fraud, the flow from careful preparation to transfer to the account prepared by the attacker, the measures that we believe have a certain effect at this point in the system and accounting departments and the incident response required when faced with BEC. It is the result of an analysis based on many emails obtained by Macnica Networks.
Macnica Networks has analyzed not only BEC email received by group affiliates of Macnica Group from 2015 to 2019, but also BEC email received by trading partners purporting to be from Macnica Group, as well as BEC cases handled through the incident response service provided by Macnica Networks and has exposed the methods used by attackers. Furthermore, with the cooperation of Itochu’s ITCCERT, which has provided analysis results regarding the daily BEC attacks on the Itochu Group, as it continues to expand around the world, we have now been able to shed even more light on the methods and identities of attackers.
We should pay more attention to BEC. According to the Internet Crime Complaint Center (IC3) of the US Federal Bureau of Investigation (FBI), within a period of less than five years from October 2013 to May 2018 the number of reported cases of business e-mail compromise (BEC) was a little less than 80,000, and the total cost of damages came to approximately 12.5 billion USD (approximately 1.4 trillion yen).
BEC mail example:
Pretending to be the CEO of a trading partner
The e-mail address of the sender has a domain name unrelated to the trading partner, which makes this fraud relatively easy to spot. However, because the e-mail purports to be an urgent request from the CEO of a trading partner, the thought of not wanting to be seen as rude by showing suspicion creates a situation in which it is hard to reject the request.
Registration of similar domains
The attacker had acquired a domain very similar to the actual domain of Netpoleon and was using that to make a BEC attack on the client. Fortunately, the client realized there was something suspicious about the domain name, and the attack was thwarted.
Netpoleon will endeavor to contribute to cyber security measures by investigating, analyzing, and disclosing information on attacks.