Monday, March 30, 2020

Word of the Day: BEC exploits

 
Word of the Day WhatIs.com
Daily updates on the latest technology terms | March 30, 2020

business email compromise

Business email compromise (BEC) is an umbrella term for a security exploit in which the attacker targets an employee who has access to company funds and convinces the victim to transfer money into a bank account controlled by the attacker.

According to the FBI's Internet Crime Report, BEC exploits were responsible for over $1.77 billion in losses in 2019. Business email compromise is one of the top cyberinsurance claims in 2020, and security vendor Proofpoint has warned businesses that BEC exploits are increasingly being tied to COVID-19.

 

BEC exploits often begin with the attacker using a social engineering scam to trick a C-level target into downloading malware, clicking on an infected link or visiting a compromised website. Once the C-level manager's account has been compromised, it can be used to trick another employee into sending money to the attacker.

 

A popular BEC strategy is to send an official-looking email to someone in the company's finance department. Typically, such an email will say there is a time-sensitive, confidential matter that requires payment be made to a customer's, partner's or supply chain partner's bank account as soon as possible. The attacker hopes that the unsuspecting person in finance will think they are helping their company by facilitating a quick transfer of funds -- when in reality, they are sending money to the attacker's bank account.

 

Measures to prevent this type of financial fraud include employee education, conducting social engineering pen tests and adding a requirement that at least two employees sign approvals for payment change requests.
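The two-employee approval requirement, combined with the phone verification mentioned under "two-factor financial authentication" below, can be enforced in a payment workflow roughly as follows. This is an added example, not code from WhatIs.com or TechTarget; the class, the function names, the rule that the requester cannot approve their own change and the rule that the call must go to the number already on file are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

REQUIRED_APPROVERS = 2  # "at least two employees sign approvals"


@dataclass
class PaymentChangeRequest:
    vendor: str
    new_account: str                 # constructed sample value in the demo below
    requested_by: str                # employee who entered the change
    approvers: set = field(default_factory=set)
    callback_by: Optional[str] = None


def approve(req: PaymentChangeRequest, employee: str) -> None:
    # Assumption: the requester never counts toward the two sign-offs.
    if employee == req.requested_by:
        raise PermissionError("requester cannot approve their own change")
    req.approvers.add(employee)      # a set, so a repeat sign-off counts once


def record_callback(req: PaymentChangeRequest, employee: str,
                    dialed: str, on_file: str) -> None:
    # Assumption: the call only counts when it goes to the number already
    # on file, not to a number supplied in the request email itself.
    if dialed != on_file:
        raise ValueError("callback must use the phone number on file")
    req.callback_by = employee


def release_blockers(req: PaymentChangeRequest) -> list:
    """Return the reasons the change must not be applied yet (empty = release)."""
    blockers = []
    missing = REQUIRED_APPROVERS - len(req.approvers)
    if missing > 0:
        blockers.append("needs %d more approver(s)" % missing)
    if req.callback_by is None:
        blockers.append("no phone verification recorded")
    return blockers


if __name__ == "__main__":
    # Constructed sample request; names, account and phone number are made up.
    req = PaymentChangeRequest("Example Supplier", "ACCT-CONSTRUCTED-001", "alice")
    approve(req, "bob")
    print(release_blockers(req))     # still blocked: one approver, no callback
    approve(req, "carol")
    record_callback(req, "bob", "+1-555-0100", "+1-555-0100")
    print(release_blockers(req))     # nothing left blocking the change
```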

Today's Takeaway

 

"The Covid-19 lures we've observed are truly social engineering at scale. They know people are looking for safety information and are more likely to click on potentially malicious links or download attachments."
Sherrod DeGrippo

Buzzword Alert

 
two-factor financial authentication

Business email compromises take organizations for millions each year. Keep yours from being added to the victim list by getting users to pick up the phone to verify monetary transactions.


Office 365 security

When evaluating Office 365 security challenges, it's important to examine all the applications within the suite -- and not just concentrate on email.


secure email gateway

People don't realize that unless you do a number of steps to authenticate your email, pretty much anyone can send an email and pretend they are you.

Quiz Yourself

 

A _______ is a hardware key that allows secure access to a licensed software application.

a. private key

b. dongle

About This E-Newsletter
The Word of the Day is published by TechTarget, Inc., 275 Grove Street, Newton, Massachusetts, 02466 US.
