Email communication is very far from secure and private electronic communication . The e-mail itself works as “plain text” . Its content can therefore be read and even it by anyone who gets access to it . Despite this, most of us unconditionally believe the messages we receive in e-mail from our acquaintances. It’s similar in corporate emails.
Threats
BEC (Business E-mail Compromise), or when the threat to the security of corporate e-mails is target internally, it means that an attacker uses a compromis e-mail of an employee and impersonates him . They then try to rirect wages to another account, urgently request a transfer of funds or, for example, change the account number on the invoice for a partner or client . Statistics prove that BEC is a real problem/risk:
losses associat with them excee
Since 2016, the losses associat with BEC amount to over 43 billion dollars ( FBI ).
Pretexting (using a made-up scenario to convince a victim to take a ne action or obtain ne information) overtook phishing as the most prevalent social engineering tactic in 2022, with BEC attacks accounting for more than 50% of social engineering incidents ( Verizon ).
BEC was the attack vector for 9% of all data breaches in 2023 ( IBM ).
In addition to obtaining funds poland phone number data directly, unauthoriz persons may also target sensitive information such as bank details, passwords, or trade secrets, which they can exploit for further financial fraud, identity theft, or espionage
Businesses can defend against these attacks
Using personal certificates ( S/MIME ) that employees can use to sign emails. An e-mail with such a certificate then guarantees that it is how is seo perform with al really the given person and at the same time that the e-mail has not been modifi in any way since the “signature” . Any modification of the e-mail or sending from a different device (than the one on which the employee has the certificate import) will invalidate the signature. In such by lists a case, Outlook will indicate to the recipient that the signature is invalid (using a cross-out envelope), alerting the recipient to the problem.