Threats and Protection: Business E-Mail Compromise

Although not as widely profiled as ransomware attacks in recent years, business e-mail compromise (BEC) represents a more significant financial threat to organizations than other recent types of attack. According to Cisco, "Threat actors have found that a much easier method of obtaining money directly, with a lower operating cost, is to simply ask for it." The FBI issued a report in May 2017 that shows losses from BEC scams are up more than 2,300% since 2015, at $5.3 billion. BEC scams, which are simple and cheap to perpetrate, spoof the identity of authority personnel such as a CFO to force others to take actions. BEC attacks have been successfully used to get the victim to provide payroll information and transfer funds. Protection against BEC requires a multilayered defense, utilizing technical networking and e-mail safeguards and ongoing training of key financial personnel. This session will provide examples from the FBI's investigation of BEC cases and discuss ways to detect and defend against it.

Outcomes: Learn about the risks and specific threats of BEC * Know what to watch for in BEC attacks and identify if your organization or job makes you a target * Explore what tools are available to protect against BEC * Get contacts for additional information or if a BEC attack is detected

EDUCAUSE thanks the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC) for sourcing this session.