FINAL WORD organisation claiming to be a supplier whose shipping address has changed . But instead of sending it to your business partner or your customer , this results in goods being sent directly to the criminals , only to then be sold on the Dark Web .

I think it ' s important to analyse these various techniques because , when we ' re looking at the solution , the technique that the criminals are using will dictate the controls that we implement to ultimately identify and block these threats .

What are the key differences between BEC and EAC attacks ?

Business Email Compromise refers to a scam that targets specific people in the organisation to ultimately steal money or data , with the criminals using the technique of spoofing to pretend to be an executive or supplier . Email Account Compromise is highly sophisticated , where the attacker uses various techniques to ultimately get legitimate access to the email accounts . They steal credentials by guessing a password or sending a phishing email that , when the employee clicks on the link , they fill in their username and password , and have ultimately sent those details directly to the criminal . In the case of EAC , there are almost always two victims – the person whose email account got compromised and the other person who falls for the fraudulent request from the compromised email account .

What impact has the shift to remote working had on the frequency of these types of attacks ?

It ’ s a lot harder for employees to physically check with their colleagues whether they really did send an ‘ urgent ’ or ‘ confidential ’ email and with a large proportion of the workforce working from home , or flexible working , it ' s causing disruption in business process . In addition , with the reliance on cloud systems , for example , and new ways of working , you find that people are much more likely to react , because we ' re in a heightened state of emotion .

People are much more likely to click and engage with a threat before following internal processes .

83