iQuanti: Concerns about business email compromise — also known as email account compromise — are on the rise. In the last five years, business email compromise has been responsible for massive financial losses in the billions of dollars and incalculable harm to brand reputation. With a constantly evolving landscape of fraudsters and scams, awareness and constant vigilance are needed at all levels of an organization.

The most common business email cyberattacks include spoofing, phishing, malware, ransomware, and viruses.

Spoofing

Spoofing disguises an email address, sender name, or website name — often by changing just one letter, number, or symbol — to convince the recipient that it is from a trusted sender. The aim is to trick the recipient into revealing personal information or clicking on a malicious link or attachment that opens up the victim and their company to further attack. Spoofing emails may also use font manipulation or similar-looking characters to mimic a legitimate name.

Phishing

Phishing emails, like spoofing, look like they are from a trusted sender such as a bank, delivery service, or vendor, and use social engineering to trick the recipient into directly giving away confidential information, credentials, or money.

For example, the email may appear to be a vendor with new wire transfer instructions that would divert the funds to the criminal. The email may seem completely casual and friendly as if the vendor is just forwarding you their new account information, or it may be made to seem extremely urgent as if a past-due bill is going to result in a service shut off if not paid immediately. Phishing emails can be sent in bulk, targeting many users at a time or be extremely targeted. The latter is called spearphishing, which is using personal information available on the Internet or acquired through previous fraudulent activities to gain the trust of a specific victim and manipulate them.

Malware

Malware is malicious software, often embedded in an email as a link or attachment, that has been created to harm the target's data and systems. It may infiltrate the network and send information back to the cybercriminal, utilize the network for its own ends by sending messages or requesting payments, or gain access to the victim's data, including passwords and other sensitive data.

Ransomware

Ransomware is a subset of malware that takes an organization's entire network hostage, essentially shutting the victim out of their own systems and/or information until they pay a ransom to regain access or are able to access a secure backup of their data.

Viruses

Viruses are a type of malware that change the way a computer operates. They may freeze or interfere with the functioning of a computer or network, erase data, or damage hard drives. Viruses may also damage a company's reputation by sending emails with embarrassing or sensitive content to the contacts stored on a computer or network.

Business email cyberattacks continue to evolve and get more sophisticated. Organizations must continue to train and educate their employees to stay up-to-date on the latest tactics and forms of attack.