Business Email Compromise | Agari

The holiday season is upon us, which means it’s also the busiest time of the year for online shopping. There’s Black Friday, Cyber Monday, and gifts to buy for loved ones. Plus, gifts to buy for yourself when the deals are this good! But beware, for cybercriminals ‘tis also the season to scam millions of dollars from unsuspecting people and companies. They’re banking on people being in a rush and distracted during this hectic season, and therefore more likely to fall victim to a scam, which allows them to cash in. Sounds a lot like the Grinch, doesn’t it?

How can you prevent business email attacks? Is training enough? We'll walk you through solutions and tips to protect your enterprise email from these attacks.

Why is business email compromise such a problem?

Business email compromise (BEC) attacks are sophisticated scams that target specific individuals with believable emails asking for funds to be transferred. These attacks can cost a company thousands, if not millions, of dollars a year.

“Whaling” phishing fraud attacks target the C-suite of a company which creates high risk of extremely sensitive, mission-critical data being stolen and exposed. Fortunately, protecting the organization from these attacks is possible.

Whaling phishing is a type of phishing attack targeting larger, high-value targets, which is why it's called "Whaling." Attackers themselves often pretend to be C-suite executives in emails to colleagues asking for personal or company information.

Time is running out to join industry thought leaders as a featured speaker at Trust 2020, The Next Generation Email Security Conference, on April 15-17 in Los Angeles. The deadline to submit topics for consideration is October 31, 2019.

Trust 2020 is an exclusive, two-day customer event where senior security leaders from a wide range of industries converge to share thought-provoking ideas and actionable insights on defending against rapidly evolving email-based threats to their organizations.

Imagine going to the doctor and only being able to say “pain” or “sick”. You can’t say where you feel the pain, or what type of pain, or what is making you sick. Without this information, it is nearly impossible for the doctor to know how to treat you. From a cybersecurity perspective, this is very much like calling every email attack a “phishing attack" or even a “hack”. It limits the ability to identify proper countermeasures, and it frustrates meaningful comparison between potential approaches.