How to Prevent Business Email Compromise (BEC) Attacks

March 21, 2022 / in Blog / by Zafar Khan, RPost CEO

RMail’s Right Recipient Feature Helps Prevent BEC Attacks on Vulnerable Staff

In honor of the return of baseball for the 2022 season, which was until recently in doubt due to a prolonged labor dispute, I’d like to revisit the now immortal words of one of baseball’s most infamous managers.

The man is Leo Durocher, who managed the Brooklyn Dodgers 1939-46 with a stint in 1948. He is credited with coining the phrase, “nice guys finish last,” which has become a kind of Machiavellian cliché used more now in business settings than in sports. The subtext is that you have to be ruthless to win, which is ironic because Durocher never won a World Series in his time with the Dodgers. The Yankees under their affable (some would say nice) manager, Casey Stengel, would go on to win 7 titles.

(As a side note, this quotation, like most famous quotations, was mangled from the original. It went: “Do you know a nicer guy than [rival manager] Mel Ott? Or any of the other [New York baseball] Giants? And where are they? The nice guys over there are in last place!”)

Bringing this back around to email security, we’ve found that staff who are generally more emotionally sensitive and caring more often than not fall prey to business email compromise (BEC) email impostor trickery. Here’s why:

Many of the impostor emails designed to lure your staff use well-crafted (and proven successful) language that appeals to those who want to be there to assist above and beyond—you know, “nice guys” (or gals, of course). These impostor emails appear to come from the staff’s boss (or boss’s boss), who apologizes for intruding but then asks for “a favor”. It’s often a simple ask, but that is the opening volley. The hook is in.

Think about who on your staff is more susceptible to responding to “a favor” request. If they are asked to do a favor, like sending some money for a reasonable invoice, urgently sending funds for a business transaction, or even buying a bunch of gift cards (for the impostor), these “nice” staff people often do it. Unfortunately, these very nice people are the BEC attacker’s primary targets. BEC cyber criminals are probably right now doing a sensitivity analysis on your staff based on social media data that they can garner.

Here at RPost, we understand the “security of sentiment”. RMail for Outlook, with all its newest AI, anticipates email impostor trickery in the moment of email interaction, and it helps your staff pause and prevent such trickery. As you may already know, RMail’s Right Recipient™ feature prompts users to double-check recipient addresses if our AI engine determines that the sender is about to misaddress a sensitive email. It also alerts the sender if the recipient domain is likely to be a clever misspelling of an authentic recipient domain, considering domain age and other variables. This is a powerful weapon against the growing threat of BEC attacks on vulnerable but well-meaning staff, and it is available with every subscription to our new RSecurity suite within RMail (read more in product news release).

Being nice is a great virtue. Please don’t get me wrong. Gandhi may be one of the best-known nice guys in history, and he was a tremendous force for good in the world (much more so than Leo Durocher), but I am glad he never had access to email and our company’s bank routing numbers.

Feel free to contact us to discuss how you can get started with RMail and the RSecurity suite.