Explore the rapidly expanding cybercrime of Business Email Compromise (BEC) in this informative Black Hat conference talk. Delve into the reasons behind the 1300% increase in reported cases from 2015 to 2016, and understand why this financial fraud scheme targets organizations of all sizes across various market segments. Learn about the tactics used by cybercriminals, including lookalike domains, SMTP relays, and breach-related compromises. Discover effective countermeasures such as employee training, implementing robust processes and policies, and utilizing email security gateways. Gain insights into the importance of SPF, external labels, and blacklisting in combating BEC. Understand the crucial steps of reporting incidents and the potential consequences of falling victim to this lucrative cybercrime.
Phishing for Funds - Understanding Business Email Compromise
Overview
Syllabus
Intro
What is Business Email Compromise
How do people come after you
Why is this important
Business Email Compromise
How do they find out about you
They want to come after you
Lookalike domains
Singapore Air domain
SharpMail
Who is that
Reply to
SMTP relays
Example
Breach Related Compromise
How do you stop this
Employees
Processes Policies
Email Security Gateways
SPF
External Labels
Blacklisting
Deleting Exchange
Report it
Taught by
Black Hat
