
Have you ever received an email from a "member of your team" that did not seem to really come from them? One with an invoice attached, from a stranger or from a "member of your team"? If the answer is yes, your information and computers may have been compromised, so read on.

Email is the most widely used means of communication between companies today. What does this mean? It has become the focus of cybercriminals and therefore the main entry vector for cyberattacks on companies. Warning: they do not focus just on multinationals; this affects all types of companies.

 

BEC stands for Business Email Compromise. In other words, it refers to the compromise of corporate email accounts.

What is a BEC attack?

BEC attacks attempt to steal high-value data from companies, employees and customers. They use sophisticated social engineering attacks, such as phishing, to steal email login credentials and from there, impersonate anyone in the company.

One of the most commonly used techniques is the CEO scam, in which a supplier sends an invoice to the administration department. Before it is approved and payment is made, the attacker changes the account number on the invoice, so that the company sends the money to a third party that is not the supplier.

 
Is your company vulnerable to a BEC attack?

  • No internal account controls are used.
    Internal policies and procedures can drastically reduce the risk of BEC attacks.

  • An additional layer of authentication has not been implemented.
    This security technology adds an additional layer of protection to corporate mail.

  • The company has suffered a vulnerability, or the results of its phishing tests are not satisfactory.
    This is a clear sign that there are security holes that can be exploited by cybercriminals at any time.

If any of these issues reflect your company's reality, it is very likely that your company is vulnerable to email attacks. In addition to acting accordingly, it is advisable to implement solutions that add more efficient layers of protection to email and to platforms such as Office 365 and G Suite.

IRONCHIP, with its identity management platform and its MFA based on intelligent location, guarantees measures to reduce risks in email and corporate platforms. Our CPO, Jose Fernando Gómez, explains individually the security contribution of each of the Ironchip

  • Multifactor authentication in corporate email.
    An identity solution such as Ironchip prevents the theft of credentials through social engineering attacks, something that other solutions such as passwords or one-time passwords do not do.

  • Extra layer, multi-factor authentication to access your systems.
    Eliminating any use of passwords will not only make it easier for your administrators to manage, but it will also make your users' day-to-day work easier and prevent them from falling into typical attacks.

  • Real-time control and management of user access.
    Ironchip's Intrusion Detection System (IDS) allows you to block unauthorized access to email, preventing such attacks and notifying you of them. So, when an attacker accesses your administration team's email, the access will be blocked and you will be notified, putting all prevention measures in place BEFORE the attack occurs.


 

Post by Jose Fernando Gómez
September 13, 2022
CPO at Ironchip