What Is Business Email Compromise
Business Email Compromise, otherwise known as BEC, is a cyberattack designed to gain access to vital business information or to obtain financial information through an email-based fraud. These criminals send emails that appear as if they are coming from a member of your trusted network. BEC is quickly becoming one of the most damaging and sophisticated forms of cybercrime, with the potential to cost a company millions of dollars due to majority of business activity being online.
How to Prevent These Attacks
- Avoid using free web-based email accounts. Instead, create a domain name and use it to create company emails instead.
- Enable multi-factor authentication for work and personal email accounts. By implementing multi-factor authentication, it makes it more difficult for cybercriminals to access emails, which makes it harder to launch an attack.
- Double check the sender’s email address and use procedures to keep these attacks at bay. A fake email address typically has an extension similar to a legitimate email address, typically created by a common misspelling. For instance, if your domain was @creativecomputerMs.com, an attacker could send an email from @creativecomputerNs.com, and if you didn’t notice the subtle difference you might click on a compromised link. Microsoft’s Defender and External Tag feature are good strategies to have in place to eliminate the need for verifying each email yourself.
What is Microsoft 365 External Tagging and How Does It Help You?
The external tag is a feature Microsoft introduced to help customers recognize emails from external sources. This tag helps businesses, and their employees avoid falling into the trap of business email compromise (BEC). This tag will help you identify emails from attackers that are trying to spoof their email to resemble your domain. Having the external tag eliminates the need to verify each email yourself as Outlook is now doing this for you. These types of attacks are growing extremely common, and this tool is an invaluable resource to prevent them.
Example of this feature on a desktop/web browser format:
Example of feature on a mobile phone: