How MSPs Can Improve Business Email Compromise Security

Email: every employee’s favorite task.

(Not.)

Whether we like it or not, email is at the core of most information jobs in the world. There are about 200 million business email accounts in the U.S. alone — all of which are prime targets for hackers. 

Business email compromise (BEC) is just what it sounds like: An unauthorized entity gains access to a business email account.

That bad actor then uses that access to impersonate the legitimate account owner and perform all sorts of trickery — from data theft and financial fraud to ransom requests.

Business email compromise can lead to some hefty bills. The average cost of a data breach has reached an all-time high of $4.45 million. That’s more than a 15% increase from 2020 alone.

But BEC is rarely as dramatic as movies depict it: someone shouting “I’m in!” and then immediately wreaking havoc. 

Instead, BEC is often a more insidious, slow-moving compromise — which can make it even more dangerous.

Living Off The Land: A Hacker’s Favorite Pastime

Once a bad actor has broken into a business email, they don’t just steal something and move on. They bide their time — sometimes for weeks or even months.

In that time, the hacker can keep track of everyone the account owner emails. The bad actor will know things like: 

  • Who the end user’s bookkeeper is 
  • What invoices they pay and when 
  • Who their boss is and what their duties are
  • Where their favorite takeout sushi place is 

Now, unless the hacker has plans to order sushi for all their friends on the end user’s dime, that last one might not be very useful. But the rest of that information? Hacker gold. 

With all that data, the cybercriminal can identify — and pursue — their next victim.

The Lifecycle Of Business Email Compromise

Unfortunately, one business email compromise is rarely ever just one event with a clear start and endpoint. Instead, that first compromise is usually the first step of a nasty cycle.

Here’s how that cycle usually goes: 

  1. Credential capture: Hackers use tactics like token harvesting, phishing, password spray or brute force to steal an end user’s login credentials. 
  2. Account takeover: Self-explanatory
  3. Establish email rules: Once in the account, the bad actor can set up email forwarding or other rules to keep track of everything happening in that inbox. 
  4. “Live off the land”: The hacker pitches a proverbial tent and just hangs out for a while. Sneakily, they watch the emails being sent and take notes on where they could initiate some fraud. 
  5. Execute scam: This could look like sending a fake invoice or asking for bank account information, but doing it from the account of a legitimate vendor or coworker. The target won’t have a clue they’re not actually talking to Becky from accounting. 
  6. Identify new targets … and circle back to step one. Once Becky from accounting is also compromised, the hacker will pitch another tent within her account. They’ll observe, take note and then do it all over again.

What’s at stake in this cycle? 

Well, a lot of money, especially depending on the size of the organization. This could be in the form of direct financial theft. Or, an organization could even face civil liability for losses of sensitive data. 

Cloud providers such as Microsoft explicitly do not take responsibility for losses on their platforms, even if a business’s 365 account is hacked.

On top of that, your customer’s reputation is at stake. Organizations who get duped out of millions of dollars often make the news — and that’s not the kind of public relations you want.


How SaaS Alerts Mitigates Loss from Business Email Compromises

Without the right tools in place to prevent attacks, business email compromise can become a never-ending doom loop: one attack leads to another leads to another. 

Platforms like SaaS Alerts can break that chain. In fact, SaaS Alerts blocked about 8,000 BEC events in 2023 alone.

To protect your customers from BEC, you need: 

  • Continuous monitoring of account behavior: Keep an eye on when email forwarding rules get set up or other suspicious activity that could indicate BEC. SaaS Alerts monitors all that behavior and sends alerts about potential threats. 
  • Automated account blocking on compromise detection: To prevent the BEC cycle, you have to stop it at the source. That means you need instant action when a bad actor forces their way into an account. 

Traditionally, you had to manually take action, sometimes responding to alerts in the middle of the night. But with SaaS Alerts, you can proactively set up automated remediation, which will shut down a compromised account within seconds, 24/7/365.

  • Daily session/access token expiration: You can set this standard as the default within SaaS Alerts, then deploy those rules to all your customers within minutes.
  • Employee awareness training: The weakest link in the business email security chain is, of course, the email account’s owner. The more you can train your customers’ end users, the less likely they’ll fall for a phishing scam, fake invoice or whatever else a hacker throws at them. 

With robust reporting capabilities, SaaS Alerts can help facilitate that training. For your customers, there’s no kick in the pants quite like a report of how many times hackers have attempted to compromise the organization’s email accounts.
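The forwarding-rule monitoring described above (step 3 of the lifecycle), as an added example that is not SaaS Alerts' code: a Python triage pass over mailbox-rule audit events that flags forwarding to external domains and source IPs that changed forwarding on more than one mailbox. The records are constructed and simplified in the shape of Microsoft 365 unified audit log entries; the function names and the `customer.example` tenant domain are assumptions.

```python
# Constructed, simplified records shaped like Microsoft 365 unified audit log
# entries for Exchange; every user, address and IP below is made up.
SAMPLE_EVENTS = [
    {"CreationTime": "2024-03-04T02:17:09", "UserId": "becky@customer.example",
     "Operation": "New-InboxRule", "ClientIP": "203.0.113.40",
     "Parameters": [{"Name": "SubjectOrBodyContainsWords", "Value": "invoice;payment"},
                    {"Name": "ForwardTo", "Value": "becky.acct@mailbox.example"},
                    {"Name": "MarkAsRead", "Value": "True"}]},
    {"CreationTime": "2024-03-04T09:02:51", "UserId": "sam@customer.example",
     "Operation": "New-InboxRule", "ClientIP": "198.51.100.7",
     "Parameters": [{"Name": "ForwardTo", "Value": "helpdesk@customer.example"}]},
    {"CreationTime": "2024-03-05T23:40:12", "UserId": "boss@customer.example",
     "Operation": "Set-Mailbox", "ClientIP": "203.0.113.40",
     "Parameters": [{"Name": "ForwardingSmtpAddress", "Value": "smtp:boss@relay.example.org"}]},
]
RULE_OPS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
FORWARD_PARAMS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo", "ForwardingSmtpAddress")
HIDE_PARAMS = ("DeleteMessage", "MarkAsRead")

def external_addresses(value, internal_domains):
    """Addresses in a ';'-separated value whose domain is not one of ours."""
    addrs = (p.strip().lower().split(":", 1)[-1] for p in value.split(";"))
    return [a for a in addrs if "@" in a and a.rsplit("@", 1)[1] not in internal_domains]

def review_event(event, internal_domains):
    """Return the reasons a rule change deserves an analyst's attention."""
    if event.get("Operation") not in RULE_OPS:
        return []
    params = {p["Name"]: str(p["Value"]) for p in event.get("Parameters", [])}
    reasons = [f"{name} -> external {addr}"
               for name in FORWARD_PARAMS if name in params
               for addr in external_addresses(params[name], internal_domains)]
    hidden = [n for n in HIDE_PARAMS if params.get(n, "").lower() == "true"]
    if reasons and hidden:
        reasons.append("forwarded mail is also hidden: " + ", ".join(hidden))
    return reasons

def triage(events, internal_domains):
    """Return ({user: reasons}, IPs that changed forwarding on 2+ mailboxes)."""
    flagged, users_by_ip = {}, {}
    for ev in events:
        reasons = review_event(ev, internal_domains)
        if reasons:
            flagged.setdefault(ev["UserId"], []).extend(reasons)
            users_by_ip.setdefault(ev["ClientIP"], set()).add(ev["UserId"])
    return flagged, sorted(ip for ip, u in users_by_ip.items() if len(u) > 1)

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS, {"customer.example"}))
```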

Ready to Get Started?

We understand that choosing the right partner is a significant decision for your business. With SaaS Alerts, you're not just getting a service—you're gaining a secure and reliable partner. We look forward to protecting you and your customers for years to come.
