Business Email Compromise Warning Signs

As online threats keep changing, one type of attack is especially good at deceiving people: business email scams. These scams rely far more on deceiving people than on hacking into systems, which shows how important it is to recognise and protect against deception in today's online world.

Business email compromise (BEC) attacks are one type of attack particularly adept at manipulating human behaviour. These schemes heavily exploit social engineering tactics, emphasizing the need to grasp and counteract the skillful use of deception.

Social engineering, present in 90% of phishing attacks today, is the cornerstone of BEC attacks. These schemes exploit human vulnerabilities, leveraging urgency, emotional manipulation, and familiarity to trick individuals into divulging sensitive information or performing unauthorized actions.

Understanding common social engineering tactics and the threat groups behind them is crucial for businesses seeking to fortify their defences against BEC attacks.

Exposing Threat Actor Groups

Diamond Sleet:  Notorious for its software supply chain attack on JetBrains, Diamond Sleet poses a significant threat to organizations. By infiltrating build environments, this group jeopardizes the integrity of software development processes, warranting heightened vigilance from affected entities.

Sangria Tempest (FIN):  Sangria Tempest specializes in targeting the restaurant industry, employing elaborate lures such as false food poisoning accusations to steal payment card data. Leveraging underground forums for recruitment and training, this Eastern European group has orchestrated numerous successful attacks, compromising millions of payment card records.

Octo Tempest:  This group, driven by financial motives, employs sophisticated adversary-in-the-middle (AiTM) techniques and social engineering tactics. Initially targeting mobile telecommunications and business process outsourcing firms, Octo Tempest later partnered with ALPHV/BlackCat to amplify its impact through ransomware operations.

Midnight Blizzard:  Operating primarily out of Russia, Midnight Blizzard targets governments, diplomatic entities, NGOs, and IT service providers across the US and Europe. Utilizing Teams messages as lures, this group aims to steal credentials by engaging users in multifactor authentication (MFA) prompts.

Safeguarding Against Social Engineering Fraud

Protecting against social engineering fraud requires a multifaceted approach. First, keep personal and work accounts separate. This mitigates the risk of attackers exploiting personal information to impersonate trusted entities and gain access to corporate data.

It is critical to implement Multi-Factor Authentication (MFA). While MFA adds an extra layer of security, businesses should be vigilant against emerging threats like SIM swapping. Linking MFA to authentication apps rather than phone numbers can mitigate this risk.
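One way to check how much of an organisation's MFA still depends on phone numbers is to audit an export of registered methods. The sketch below is an added example, not part of the original article; the CSV columns, method labels and accounts are constructed assumptions, not the schema of any particular identity provider.

```python
import csv
import io

# Constructed sample export. Column names and method labels are assumptions,
# not the schema of any particular identity provider.
SAMPLE_EXPORT = """user,default_method,registered_methods
alice@example.com,authenticator_app,authenticator_app;sms
bob@example.com,sms,sms
carol@example.com,sms,sms;authenticator_app
dave@example.com,,
erin@example.com,voice,voice;sms
"""

# Factors bound to a phone number, and therefore exposed to SIM swapping.
PHONE_BOUND = {"sms", "voice"}


def audit_mfa(export_text):
    """Group accounts by how exposed their MFA enrolment is to SIM swapping."""
    findings = {"no_mfa": [], "phone_only": [], "phone_default": [],
                "phone_fallback": [], "ok": []}
    for row in csv.DictReader(io.StringIO(export_text)):
        methods = {m for m in row["registered_methods"].split(";") if m}
        default = row["default_method"]
        if not methods:
            bucket = "no_mfa"            # no second factor at all
        elif methods <= PHONE_BOUND:
            bucket = "phone_only"        # every factor depends on the phone number
        elif default in PHONE_BOUND:
            bucket = "phone_default"     # app enrolled, but the phone is used first
        elif methods & PHONE_BOUND:
            bucket = "phone_fallback"    # app is default, phone still accepted
        else:
            bucket = "ok"
        findings[bucket].append(row["user"])
    return findings


if __name__ == "__main__":
    for bucket, users in audit_mfa(SAMPLE_EXPORT).items():
        print(f"{bucket}: {', '.join(users) or '-'}")
```

Accounts in `phone_fallback` matter as much as `phone_only`: a phone factor that is still accepted can still be taken over through a SIM swap, even when the app is the default.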

Educating users on the dangers of oversharing personal information online is also extremely important. Limiting the availability of personal details reduces the effectiveness of social engineering tactics that rely on establishing trust.

Businesses must deploy robust endpoint security, firewalls and email filters to safeguard against phishing attempts and other malicious activities. These defences serve as critical barriers against intrusions and data breaches.
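The warning signs described earlier (urgency and borrowed familiarity) can be expressed as simple mail-filter heuristics. The following is an added example, not part of the original article; the domains, executive name, keyword list and sample message are constructed assumptions, and the Reply-To check is an additional common BEC indicator that the article does not mention.

```python
import email
import re
from email.utils import parseaddr

ORG_DOMAINS = {"example.com"}   # assumption: the organisation's own mail domains
EXECUTIVES = {"jane doe"}       # assumption: names worth impersonating
URGENCY = re.compile(r"\b(urgent|immediately|today|confidential|wire|overdue)\b", re.I)

# Constructed sample message (not a real email).
RAW = """From: Jane Doe <jane.doe@examp1e-mail.test>
Reply-To: payments@other.test
To: finance@example.com
Subject: Urgent wire needed today

Please process this now and keep it confidential; I am in a meeting.
"""


def domain(addr):
    """Return the lower-cased domain part of an address ('' if none)."""
    return addr.rpartition("@")[2].lower()


def bec_signals(raw):
    """Return the list of BEC warning signs found in a raw RFC 5322 message."""
    msg = email.message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply = parseaddr(msg.get("Reply-To", ""))
    text = f'{msg.get("Subject", "")}\n{msg.get_payload()}'
    signals = []
    # Familiarity: a trusted name shown on an address outside the organisation.
    if name.lower() in EXECUTIVES and domain(addr) not in ORG_DOMAINS:
        signals.append("display-name-impersonation")
    # Replies silently redirected to a different domain than the sender's.
    if reply and domain(reply) != domain(addr):
        signals.append("reply-to-mismatch")
    # Urgency and secrecy wording in the subject or body.
    hits = sorted({m.lower() for m in URGENCY.findall(text)})
    if hits:
        signals.append("urgency:" + ",".join(hits))
    return signals


if __name__ == "__main__":
    print(bec_signals(RAW))
```

Signals like these are best used to add a warning banner or route a message for review, since legitimate mail can also be urgent.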

By staying informed about ongoing threat intelligence and maintaining up-to-date defences, businesses can effectively thwart the increasingly sophisticated tactics employed by social engineering threat actors. Proactive measures are essential in safeguarding against the pervasive threat of social engineering fraud.
 
John McLoughlin is CEO of J2 Software
