Business, Compromised

One of today’s most damaging phishing attack types is Business Email Compromise (BEC). In fact, nearly 50 percent of cybersecurity-related financial loss in 2018 was due to these attacks, according to a recent FBI report. Also, a recent advisory from the U.S. Department of Treasury’s Financial Crimes Enforcement Network (FinCEN), reports that U.S. businesses have been hit with nearly $9 billion in attempted BEC phishing theft since 2016. It’s clear from these statistics that tackling BEC requires a new approach to cyber defense—traditional defenses are failing to defend against these attacks. BEC phishing messages are simple, with no links or attachments. They are socially engineered to trick their victims into taking digital or physical action. The absence of URL and attachments to analyze creates a difficult challenge for traditional detection engines as these messages now look like any other normal business message. The key to detecting BEC phishing requires using an array of advanced email analysis techniques that can evaluate both the origin and the context of the email in ways that can reliably detect an imposter email.