Dec 8, 2021

How FinServ Firms can Prevent Business Email Compromise

Fighting cybercrime has been an issue for businesses across all industries since the early 1980s. Criminals will find any way they can to insert themselves between transactions, especially if those transactions involve a large sum of money. The invention of the internet made it even easier for criminals to intercept funds using fraudulent methods. With digitization, both businesses and consumers communicate and conduct most business-related activities online.
Today, email is the primary and preferred method of communication between companies in every industry as well as their consumers. Although the convenience of delivering and receiving a message within seconds with little effort is what attracted users to this communication method in the first place, email is, unfortunately, also the channel most susceptible to fraud.
Business email compromise (BEC) tops the list of the most financially damaging cybercrimes today. For example, the FBI reported that BEC scams resulted in over $1.8 billion in losses to businesses in 2020. The numbers continue to rise, with remote work-from-home policies accelerating BEC attacks by 71% over the past year alone.
Cybercriminals are attracted to email for many of the same reasons that businesses and consumers are—it’s quick, easy, convenient and used by so many people. But—perhaps most importantly—email enables fraudsters to remain anonymous and place themselves in between the parties involved in a transaction. If the attack is successful, cybercriminals can intercept the transaction and divert funds without anyone realizing until it’s too late.
Although BEC is a persistent issue for all businesses, the financial services industry is hit 300 times harder than any other sector. Additionally, wire fraud attacks and BEC have cost financial enterprises more than $26 billion within a three-year period. As cybercriminals take advantage of the pandemic-induced work-from-home policies and hybrid work, losses from BEC continue to rise and are now one of the biggest problems that financial services firms face, including venture capital, private equity and real estate firms. 
Fraudsters use BEC to exploit the fact that we all rely on email to conduct business. Financial services firms use email to communicate with clients, and these emails include sensitive information such as financial instructions, login information, login links and personal information that are sent and received within the body of the message. No matter how financial institutions and clients attempt to transfer sensitive information securely, fraudsters constantly adapt to new methods and technologies to ensure that they won’t miss out on a potential opportunity.
This is especially problematic for venture capital, private equity and real estate firms as they deal with large sums of capital. Fraudsters spend their time carefully crafting a deceptive email to employees and clients of these firms, knowing that many of the associated transactions could involve a large sum of money. In addition to targeting employees with deceptive emails, fraudsters rely on several BEC tactics to intercept transactions.
Today, business email compromise, also known as email account compromise (EAC), is targeted and strategic. Rather than randomly selecting people from financial institutions or blanketing an entire firm with random emails, fraudsters try to first understand the financial firm before sending out a targeted BEC attack. BEC can also take several forms. Some of the most common types of BEC include: 
Financial enterprises need to be more vigilant than ever when it comes to protecting sensitive data. Unfortunately, thinking twice before sending every email and double-checking the validity of an email address can’t always be expected when employees have hundreds or more emails to respond to every week in addition to their daily tasks. Not to mention, if a business’ best line of defense is following “best practices,” it can become very hard to prove that they were followed, and there are few guardrails in place to ensure protection.
But successful wire fraud and impersonation attacks can cost a company more time and money and lead to permanent damage, such as reputational harm and loss of intellectual property.
Although companies rely on two-factor authentication and cybersecurity training strategies to combat impersonation and BEC, fraudsters continuously adapt to these updated methods. Today, losses in BEC attacks are higher than ever, while email threats continue to rise to 80% in some sectors. 
Fortunately, technological innovation has made it possible to take preventative measures further with multifactor authentication (MFA) and biometric verification. MFA is an electronic security technology that requires users to submit multiple authentication methods to verify their identity. For example, users can receive a text or call with a code to verify the user’s identity. MFA adds an additional layer of protection for companies and is a more vital form of verification than 2FA or password security. 
Another form of MFA is biometric verification. Biometric technology verifies an individual based on unique, biological characteristics like fingerprints, voice and/or facial recognition. Since these traits cannot be stolen or faked, companies that use MFA and biometrics can conduct business without having to worry about whether the person on the other side of the screen is in fact who they say they are. 
Financial services firms can now integrate these tools within their workflows to eliminate BEC attacks and wire fraud. With these tools, venture capital, private equity and real estate firms don’t have to worry about changing their workflows or taking days off to train their staff. Together, MFA and biometrics verification can eliminate the threat of impersonation, BEC and malware attacks for financial services firms by requiring users to verify their identity with unique characteristics which cannot be stolen, replicated or faked.
Brian Twibell is co-founder and CEO of WireSecure.