Cybersecurity specialist Kaspersky has published a list of the main methods of compromising business emails, allowing hackers to discreetly enter into communication with employees in order to extract information or money from businesses.

Companies are constantly confronted with so-called BEC, or Business Email Compromise attacks, the most sensitive sectors being the air transport industry, IT and delivery businesses. For the companies who fall victim to such scams, the damage can sometimes amount to several million dollars.

This type of attack follows a well-oiled routine and involves sending emails to employees in the hope that they will provide confidential data or wire money to them. However, in order to get their attention, hackers have to be more and more cunning. Kaspersky’s teams have identified the most effective methods for deceiving employees.

The first is to send an employee a bogus email from a company executive urging them to share information with a ‘legal counsel’ or some other such figure of authority. This is a tried and tested technique designed to harvest as much confidential company data as possible.

Another well-known case involves an email sent to a company’s accounting department, supposedly from an employee, asking them to change their bank details so that the real employee’s salary will be paid directly into the hacker’s account.

Finally, Kaspersky mentions the classic false invoice from a fake supplier, claiming a sum due in exchange for goods or services, but with the hacker’s bank details.

Employees are obviously advised not to open or respond to suspicious emails.

 - AFP Relaxnews