Business Email Compromise Attacks

A group of employees working on computers

Business email compromise attacks are a specialized form of phishing.

These attacks are carefully orchestrated and carried out by highly informed and well-trained threat actors.

Where general phishing attempts cast a wide net hoping one of your users makes a mistake, BEC attacks leverage stolen account credentials and use those accounts to deceive and manipulate your users with what appears to be a legitimate email.

These attacks follow a discrete set of steps and InQuest has tailored MailTAC to disrupt and counter BEC attacks at every level.

A computer

The Anatomy of a BEC Attack

Web icons

Step #1: Reconnaissance

BEC attacks begin long before any contact is made with your network or your people.

They start with a sophisticated research and recon program that draws on publicly available information about your organization and your people. Information from your website, social media, news sources, or wherever your organization and your people have been mentioned.

From this information, the attacker builds a strategic phishing campaign that targets executives or trusted business partners.

Halt the attack before it begins with Threat Intelligence.

InQuest’s Threat Intelligence capabilities draw on a wide array of sources, both public and private. We continuously update our intelligence insights from the researcher community, think tanks, and our own internal discoveries.

That means your organization will be armed with an ever-growing, constantly updated list of Indicators of Attack (IOA), Indicators of Compromise (IOC), and social/behavioral patterns before cybercriminals make their move.

When an attacker does make contact with your organization, that actionable intelligence has already been deployed and your defenses will stop the attack cold.

InQuest platform feature
Email

Step #2: The Phishing Attack

Now that the attackers have collected publicly available information and formulated their attack plan, the phishing begins.

The attackers send specific, thoughtfully-crafted emails to employees, often impersonating an executive, supervisor or even leveraging an account that was previously taken over via email account compromise (EAC). These emails are made to appear legitimate and urgent and can request anything from financial transfers to seemingly innocuous responses.

The goal of these emails can be a quick money grab, or to gather social and behavioral information for a much larger, higher-value attack.

Identify phishing attacks in progress with real-time behavior analysis.

InQuest’s solutions carry out a continuous battery of behavioral analysis techniques. From internal and external relationship building to advanced content analysis and profiling, InQuest helps you create a baseline of normal communications that is continuously analyzed to produce unique behavior patterns for every account, all in real-time.

Email

Email

Step #3: Compromised Credentials and Email Spoofing

If a member of your organization does fall for a phishing attempt, their credentials may be compromised. The attacker may now have access to, or control over, that member’s email account and other connected systems.

The attackers will now begin to impersonate the affected user by sending fraudulent emails to colleagues, clients, partners, and vendors asking for financial information or other sensitive data.

Sophisticated attackers may even use social engineering to conveniently mimic the target’s behavior, or to create high stress or urgent situations in the hopes of tricking someone into leaping without looking.

Network Threat Analytics continuously learns from the global cybersecurity community to identify suspicious behavior.

InQuest combines its automated threat intelligence with continuous monitoring of your organization’s network to rapidly identify anomalous patterns of behavior. As new attacks are uncovered and monitored by the wider cybersecurity community, that information is automatically disseminated across InQuest’s solutions.

The result? Continuously informed monitoring that learns not just from what happens on your network, but from networks around the world.

InQuest Data
A man with glasses

The Final Stand: Customizable Email Banners

No matter how sophisticated or complex the attack, InQuest is ready with layer after layer of protection for your organization. At the end of the day, the final step in the business email attack chain is your end users.

Advanced threat detection, comprehensive behavioral analysis, world-class threat intelligence – InQuest has the tools and the resources your SOC team needs to fight business email compromise attacks every step of the way, but we also educate and empower your end users to defend themselves by raising their awareness in real-time through the use of customizable email banners.