Anatomy of Sophisticated Business Email Compromise Attacks: Beyond Simple CEO Impersonation

Webinar Registration

I’ve got no doubt you’ve all heard about Business Email Compromise (BEC) attacks. They’re one of the most costly, invasive, and sinister forms of cyberattack. The FBI estimates BEC has cost its victims $26B over the last 3 years. Some of you may think it’s little more than setting up a Gmail account with a CEO’s name and sending off an email to the CFO asking them to wire money.

Sure, that happens, but there is so much more to BEC than just spoofing executive names.

BEC traditionally is the term given to a form of attack using targeted social engineering against organizations by focusing on a CFO or someone whose role involves access to or make decisions about the company’s finances – including finance, payroll, and human resource departments. But more recent attacks have become significantly more sophisticated than a simple “I’m the CEO. Transfer money please” email, where attacks take a multi-phased approach that involves intrusion, reconnaissance, and then threat actions.

In this real training for free session, I’m going to take a look at BEC attacks and cover in detail the various tactics, techniques and procedures used in practical execution throughout the timeline of an attack, including:

  • Phishing techniques
  • Social Engineering methods
  • The role of credential compromise
  • Domain, brand, and individual impersonation
  • Email thread hijacking
  • Obfuscation through Exchange rules
  • Threat actions beyond simple fraud

I’ll walk through each and provide real-world examples of what to look for and how to protect against each step of a BEC attack.

Matt Petrosky, CISSP and VP of Product Management at our sponsor, GreatHorn, will also offer up some customer stories of attacks that have happened. He’ll also demonstrate how easy it is for the bad guys to capture credentials as well as offer insights into advanced ways to quickly detect BEC including:

  • Sender-Recipient relationships
  • Keystroke patterns
  • Spoofing likelihood
  • Communication patterns
  • Content analysis
  • Technical fingerprints

Please join us for this real training for free event.

First Name:   
Last Name:   
Work Email:  
Phone:  
Job Title:  
Organization:  
Country:    
State:  
Industry:  
Company Size:
 

Your information will be shared with the sponsor.

By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us.

 

 

Upcoming Webinars
    Additional Resources