What is a Business Email Compromise?

Business email compromise attacks are a class of cybercrime that use email fraud to attack commercial, government, and non-profit organizations to achieve a specific outcome that negatively impacts the target organization. Examples include invoice scams and spear phishing spoof attacks which are designed to gather data for other criminal activities. A business deceived by an email spoof can suffer additional financial, business continuity, and reputational damage: fake emails are a favored route for ransomware that can stop operations unless a ransom is paid; consumer privacy breaches can also be enabled.

Typically an attack targets specific employee roles within an organization by sending a spoof email (or series of spoof emails) that fraudulently represents a senior colleague (CEO or similar) or a trusted customer. (This type of attack is known as spear phishing.) The email will issue instructions, such as approving payments or releasing client data. The emails often use social engineering to trick the victim into making money transfers to the bank account of the fraudster.

The worldwide financial impact is large. The United States Federal Bureau of Investigation recorded $26 billion of US and international losses associated with BEC attacks between June 2016 and July 2019.

How Libraesva can help?

Libraesva designed a specific engine to intercept these attacks. The required configuration is minimal: the names and the legit email addresses of the company executives. Email addresses on external email providers are supported as long as the emails are DKIM-signed to protect against spoofing.