Business E-mail Compromise — Techniques and Countermeasures


Abstract

Business Email Compromise (BEC) is a method by which an attacker defrauds an organization and all its stakeholders by using the business email addresses that employees carelessly use in the public domain. This paper discusses BEC, which can be divided into five broad categories: CEO Fraud, Bogus Invoice Scheme, Account Compromise, Lawyer/Attorney Impersonation, and Data Theft. The research focuses mainly on identifying the techniques used for BEC, the detection techniques that can be used to take corrective measures against the attack, and the possible countermeasures for preventing it. The major techniques attackers and criminals use to perform a BEC attack are usually Credential-grabbing and the Email-only Method. Credential-grabbing techniques include phishing-related and malware-related techniques. Phishing-related techniques can involve compromise through Direct Links, PDF Files, HTML, or File-hosting services. Such attacks can be detected by various methods, such as an impersonation classifier, content classifier, text classifier, link classifier, and classifier algorithm. BEC-Guard can be installed in order to track these methods. In name and nickname matching, the impersonation classifier detects name spoofing by matching the sender name against the name of an employee. Countermeasures are the best possible way to prevent a BEC attack in the first place, and the best defense is a well-informed workforce. The main countermeasures include training and awareness programs, phishing attack training, and the use of SPF, DKIM, and DMARC anti-spoofing and email authentication techniques.