What is Business Email Compromise?
Business Email Compromise (BEC) is described as an exploit in which the attacker gains use of a corporate email account then spoofs the victim's identity to defraud the company or its employees, customers or partners who are responsible for releasing money or system or network access.
What is the pain point?
BEC has expanded tremendously over the past few years as one of Fraudsters most popular and profitable attacks. They prey on the victim’s lack of knowledge or special tools to avoid phishing and ransomware strikes using employee’s emails and sometimes their passwords as the method of delivery. The threat is heightened due to employee’s password reuse colliding into both their personal and professional lives. Fraudsters banking on the User’s bad password hygiene and engage in social engineer tactics to tie the credentials and passwords together to monetizing the vulnerability. According to the FBI the global losses from BEC fraud is reported to be $12.5 billion as of mid-year 2018.
How did you go about looking to solve it?
Compromised BEC Alert product serves as a notification to an organization by monitoring their employee emails, matching the credentials of those who have fallen victim to ID theft, and now unwittingly pose a threat to your corporate internal networks and systems. No one is exempt, these phishing and ransomware virtual assaults target all levels of employees from clerical to C-levels.
What is the benefit of working with Compromised?
Your security professionals can easily manage Alerts by uploading a list of current employee’s email addresses and setting periodic times to re-run their records. Once the email records are processed and matching compromised results are returned, the details may be viewed in our dashboard. To notify employees affected by a compromise, a prepared template email is selected to send manually or automatically send the email through our dashboard. The automatic email distribution and delivery feature are tracked for your records. It is the responsibility of the employee to follow through and update any credentials using the compromised credentials and passwords.
Conclusion showing something quantifiable that the business gains and can’t live without?
According to studies at least 10% of all employee emails from organizations have been compromised. Further examples show Financial industry as an average of 17%, and Telco as high as 23%. That is a compelling amount when considering that just one successful phishing or ransomware attack could produce catastrophic financial losses through wire fraud, reputational damage and in some industries such as healthcare it could cost lives. Proactive prevention is the name of the game. Let Compromised Alert product help initiate compromised credential risk intelligence into your organization’s fraud tool arsenal.