1 Matching Annotations
- Nov 2019
-
www.darkreading.com www.darkreading.com
-
Blocking BEC AttacksAs technology evolves and deep fake AI grows popular, business email compromise (BEC) attacks are growing more common and sophisticated. Payton gave the audience a piece of advice: Do not use your public-facing domain name for moving money. Cybercriminals do their open source intelligence. They know your CEO. They know your CFO. They can figure out who your vendors are and your marketing campaigns. With knowledge gleaned from an Internet search, they have enough to send a social engineering email and transfer money. "Get a domain name that is not your public-facing domain name," Payton said. Get a set of email credentials only for people who are allowed to move money. Tell your bank you're no longer using the public-facing domain name for anything to do with wire transfers and money movement. From there, create a template to be used among employees sending and fulfilling financial requests. Decide on a code word you text to each other that isn't a term shared on social media, Payton advised. This way, a request that doesn't come with a code word will appear suspicious. A large healthcare provider adopted the method, she said – and it has already worked. The same strategy can be used for transferring intellectual property.
prevention strategies
-