Recently we have made a thread about Business Email Compromise (BEC) attacks
Today let's discuss security measures to avoid being the victim of this type of attack 🛡️
🧵…

1. Automated Anti-Phishing Solutions
An anti-phishing solution should be able to identify the red flags of BEC emails (like reply-to addresses that don’t match sender addresses)
In some cases it can use machine learning to analyze email language for signs of attack

2. Separation of Duties
BEC attacks try to trick employees into taking a high-risk action without verifying the request
Implementing policies for these actions that require independent verification from a second employee can help to decrease chances of a successful attack

3. Labeling External Emails
BEC attacks commonly try to impersonate internal email addresses using domain spoofing or lookalike domains
Configuring email programs to label emails from outside the company as external can help defeat this tactic

4. Employee Education
Training employees on how to identify a BEC attack is essential to minimizing the threat of this form of attack
Such training is focused on identifying forms of social engineering, so it will be also help to prevent other phishing attacks as well