Anatomy of Sophisticated Business Email Compromise Attacks: Beyond Simple CEO Impersonation

Webinar Registration

I’ve got no doubt you’ve all heard about Business Email Compromise (BEC) attacks. They’re one of the most costly, invasive, and sinister forms of cyberattack. The FBI estimates BEC has cost its victims $26B over the last 3 years. Some of you may think it’s little more than setting up a Gmail account with a CEO’s name and sending off an email to the CFO asking them to wire money.

Sure, that happens, but there is so much more to BEC than just spoofing executive names.

BEC traditionally is the term given to a form of attack using targeted social engineering against organizations by focusing on a CFO or someone whose role involves access to or make decisions about the company’s finances – including finance, payroll, and human resource departments. But more recent attacks have become significantly more sophisticated than a simple “I’m the CEO. Transfer money please” email, where attacks take a multi-phased approach that involves intrusion, reconnaissance, and then threat actions.

In this real training for free session, I’m going to take a look at BEC attacks and cover in detail the various tactics, techniques and procedures used in practical execution throughout the timeline of an attack, including:

Phishing techniques
Social Engineering methods
The role of credential compromise
Domain, brand, and individual impersonation
Email thread hijacking
Obfuscation through Exchange rules
Threat actions beyond simple fraud

I’ll walk through each and provide real-world examples of what to look for and how to protect against each step of a BEC attack.

Matt Petrosky, CISSP and VP of Product Management at our sponsor, GreatHorn, will also offer up some customer stories of attacks that have happened. He’ll also demonstrate how easy it is for the bad guys to capture credentials as well as offer insights into advanced ways to quickly detect BEC including:

Sender-Recipient relationships
Keystroke patterns
Spoofing likelihood
Communication patterns
Content analysis
Technical fingerprints

Please join us for this real training for free event.

First Name:	Required
Last Name:	Required
Work Email:	Required Invalid email address
Phone:	Required
Job Title:	Required
Organization:	Required
Country:	Required
State:	Required
Industry:	Required
Company Size:	RequiredRequired
	Your information will be shared with the sponsor. By clicking "Submit", you're agreeing to our Privacy Policy and consenting to be contacted by us and the sponsor. Tweet

Upcoming Webinars

Additional Resources

User name:
Password:
	/ Forgot?
	Register

April 2024 Patch Tuesday	"Patch Tuesday - One Zero Day and Record Number of Patches! " - sponsored by LOGbinder

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.