Email breaching is no joke. You don't want to be stuck not knowing what to do in case of that emergency.

Read more about The AME Group and how they can help in our October Hear From the Experts Article!
HOW AN EMAIL BREACH CAN COST YOUR BUSINESS THOUSANDS...
Business Email Compromise is the most frequent attack vector, costing US businesses almost 2.5 billion. Your email account is an important part of your communication with employees, customers, and vendors. It’s often the everyday information that opens your business to attack. If this information gets into the wrong hands, that could mean big problems for you and your business.
 
A TRUE STORY OF COMPROMISE
Let’s say you use a cloud hosted application for HR and payroll. You have recently changed your password and can’t remember it any longer. So, you click on the forgot password link and the service sends you a link to reset it. Now you can log in and get to work so everyone gets paid on time. What you didn’t know is someone gained unauthorized access to your email account, and they see the same emails you see. Now they know what payroll application you use.
 
Your attacker configures your email to hide their presence.
Before the act, they set up a few things so you don’t know what they are doing. First, many attackers create a forward rule on your email to send all incoming email to their account. Another tactic is to create a mailbox rule that deletes some or all messages after forwarding them, so you never even see the email. It’s also common for attackers to use your email account to send highly relevant email content to others in your organization. This might gain them access to other accounts or further the success of their attack.
 
This unauthorized user logs into your payroll system as you.
Now that their actions are hidden, they use the ‘forgot password’ link on your application. The reset instructions are emailed to you, immediately forwarded to the attacker, and deleted from your email. You never know this happened. The attacker then logs in, finds contact info for multiple employees, and starts emailing them from your account asking them to click the link below to log in and review their pay settings so a special bonus can be provided to their paycheck. Unfortunately for them, the link is to a specially crafted web page that steals the employee’s login credentials to the payroll system. Now the attacker starts changing direct deposit information to send payroll checks to a bank account they own. Before you know it, thousands of dollars have gone to the attacker’s bank accounts. The attacker then moves the money to leave accounts empty or closed.
 
This is just one example of a recent email compromise. We respond to businesses experiencing this type of activity almost weekly. What other information is transmitted in your email that, if compromised, would put you or your business in jeopardy?
 
IMPLEMENT PROTECTION
There are ways to prevent an email compromise attack, some that can be accomplished with relative ease and little cost. Check out a list of how you can strengthen your defense against an email breach.
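One inexpensive check is to review mailbox rules for the hiding tactics described in the story above: forwarding to an outside address, and deleting mail after it is forwarded. The script below is an added example, not part of the original article or any AME Group tooling; the rule records, their field names, the domains and the keyword list are constructed assumptions, and the keyword check goes slightly beyond the article by also flagging rules that hide password-reset or payroll mail.

```python
# Added example: flag mailbox rules that match the hiding tactics in the story.
# Rule records and field names are a constructed, hypothetical export format.
INTERNAL_DOMAINS = {"example.com"}  # assumption: the organization's own domain(s)

SAMPLE_RULES = [  # constructed sample data
    {"mailbox": "hr@example.com", "name": "Newsletters", "forward_to": [],
     "delete": False, "move_to": "Newsletters", "subject_contains": ["digest"]},
    {"mailbox": "hr@example.com", "name": ".", "forward_to": ["drop@mail.example.net"],
     "delete": True, "move_to": None, "subject_contains": []},
    {"mailbox": "hr@example.com", "name": "tidy", "forward_to": [],
     "delete": True, "move_to": None, "subject_contains": ["password reset"]},
    {"mailbox": "ops@example.com", "name": "To assistant", "forward_to": ["pa@example.com"],
     "delete": False, "move_to": None, "subject_contains": []},
]

SENSITIVE_WORDS = ("password", "reset", "payroll", "direct deposit")


def is_external(address):
    """True when the address's domain is not one of the organization's own."""
    domain = address.rsplit("@", 1)[-1].lower()
    return domain not in INTERNAL_DOMAINS


def review_rule(rule):
    """Return the reasons a rule deserves a human look (empty list if none)."""
    reasons = []
    external = [a for a in rule["forward_to"] if is_external(a)]
    if external:
        reasons.append("forwards outside the organization: " + ", ".join(external))
    if rule["forward_to"] and rule["delete"]:
        reasons.append("deletes messages after forwarding them")
    hidden = rule["delete"] or rule["move_to"] is not None
    hits = [w for s in rule["subject_contains"] for w in SENSITIVE_WORDS if w in s.lower()]
    if hidden and hits:
        reasons.append("hides mail mentioning: " + ", ".join(sorted(set(hits))))
    return reasons


def review_all(rules):
    """Map (mailbox, rule name) -> reasons, keeping only rules that were flagged."""
    results = {(r["mailbox"], r["name"]): review_rule(r) for r in rules}
    return {key: why for key, why in results.items() if why}


if __name__ == "__main__":
    for (mailbox, name), reasons in review_all(SAMPLE_RULES).items():
        print(f"{mailbox} rule {name!r}: " + "; ".join(reasons))
```

A flagged rule is a prompt for a person to confirm with the mailbox owner, since legitimate rules can also forward or delete mail.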
ABOUT THE AUTHOR
Jay Sundberg, Security Service Manager, The AME Group
Jay has spent 15 years helping businesses navigate the ever-changing requirements of compliance. He is a Registered Practitioner (RP) of THE CYBER AB, and holds Microsoft 365 Identity and Services, and CompTIA Security+ ce Certifications.

“The area of Compliance and Security allows me to apply all my knowledge and skills developed over years of training and work experience into a meaningful and needed service for business clients. Each compliance or security requirement is unique to the organization. Interpreting these requirements to meet the needs and goals of the organization in a manner that is achievable, affordable, and effective is what I strive for with every engagement.”