The Talented Mr Ripley, for those who have not read the book or seen the movie, tells the story of confidence trickster Tom Ripley and how he assumes the identity of one-time acquaintance Dickie Greenleaf to live a life of luxury. Although it was written in 1955, some of the scoundrel's tactics are remarkably similar to a growing threat on the cyber security landscape: Business Email Compromise, or BEC.
What is a Business Email Compromise?
According to email security specialists Mimecast in their booklet "Whaling: Anatomy of an Attack", a Business Email Compromise is a relatively new form of attack intended to scam organisations by impersonating high-level executives and convincing employees to wire money to fraudulent accounts or leak sensitive information. Such is the rise in BEC attacks that The Charity Commission highlighted them as recently as March 2018 as a growing phishing threat to schools and charitable organisations. In fact, some industry peers are reporting that 90% of email attacks are a form of spoof email, with BEC-style emails proving the most popular cyber security threat.
Why are these attacks so successful?
Cyber criminals are exploiting the same basic human trait as Tom Ripley: TRUST! Mr Ripley sent communications to the Greenleaf family posing as Dickie; in the same way, when employees receive an email that appears to come from a trusted senior colleague, their instinctive reaction is to trust the communication and act accordingly. These phishing scams use URL typos and social engineering so that their communications appear completely legitimate at first glance and circumvent traditional malware and spam filters.
How can you defend against a Phishing attack this specific?
The first step to securing your borders is to ensure your staff are continually and suitably trained and aware of the ever-changing threat landscape; an annual update is not enough. The nature of the cyber criminal is to identify new attacks as quickly as you can protect against them. Educating staff to know what a cyber security threat looks like will dramatically reduce the risk of an attack being successful. To give you a head start, the blog "Email Security Do's and Don'ts for Employees" is worth sharing with your team.
The second step to securing your boundaries is to ensure you have traditional email security tools in place. Whilst BEC attacks are on the rise, the proliferation of malware and spam means there are still plenty of other attacks happening daily.
Finally, improve your email security by adding another layer to your cyber defence. Organisations such as Mimecast offer next-generation email security solutions that can defend against spoof emails and links, including:
Impersonation Protect. Mimecast scans all incoming email for signs of impersonation fraud and blocks, quarantines or tags suspicious messages with warnings for the recipient.
Attachment Protect. Mimecast scours attachments for malicious code and sandboxes suspicious documents or rewrites them to a format that is safe for users to access.
URL Protect. Mimecast prevents users from clicking on a link that may be malicious, scanning every destination website in real time to identify suspicious sites based on the latest threat intelligence.
Dynamic User Awareness. Mimecast provides tools to train users and develop habits that can make employees powerful defenders in the fight against email-borne threats.
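An added example (not from the original article, and not how Mimecast implements Impersonation Protect): a check of the From header for the two signals described above, a typo'd lookalike of your own domain and a senior colleague's name arriving from an outside address. The domain, executive names and sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed values for illustration (assumptions, not from the article).
TRUSTED_DOMAIN = "example-corp.com"
EXECUTIVES = {"jane doe", "richard green"}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a rolling one-row table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]

def impersonation_signals(from_header: str) -> list[str]:
    """Return the reasons a From header looks like executive impersonation."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain == TRUSTED_DOMAIN:
        # Exact-domain forgery is left to SPF/DKIM/DMARC; out of scope here.
        return []
    signals = []
    # Fold common digit-for-letter swaps (0 for o, 1 for l) before comparing.
    folded = domain.translate(str.maketrans("01", "ol"))
    if folded == TRUSTED_DOMAIN or edit_distance(domain, TRUSTED_DOMAIN) <= 2:
        signals.append("lookalike-domain")
    if " ".join(name.lower().split()) in EXECUTIVES:
        signals.append("executive-name-from-external-domain")
    return signals

# Constructed sample headers.
SAMPLES = [
    "Jane Doe <jane.doe@example-corp.com>",
    "Jane Doe <jane.doe@examp1e-corp.com>",
    "Richard Green <rgreen.ceo@freemail.example>",
    "Newsletter <news@vendor.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", impersonation_signals(header) or "no signal")
```

A message that raises either signal is a candidate for a warning banner or quarantine rather than silent delivery.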
We help our clients keep up to date with the latest threats, and regularly conduct tests to make sure that their teams know what to look for too. Are you confident that your team would not fall foul of a BEC? Why not take a look at our FREE PHISHING TEST FOR END USERS?
The three pillars of Mirus are:
Delivering outstanding service.
Offering strategically successful solutions.
Providing consistent customer satisfaction.