Intelligent CIO North America Issue 05 | Page 41

FEATURE : EMAIL SECURITY changed . But instead of sending it to your business partner or your customer , this results in goods being sent directly to the criminals , only to then be sold on the Dark Web .
I think it ’ s important to analyze these various techniques because , when we ’ re looking at the solution , the technique that the criminals are using will dictate the controls that we implement to ultimately identify and block these threats .
What are the key differences between BEC and EAC attacks ?
Business Email Compromise refers to a scam that targets specific people in the organization to ultimately steal money or data , with the criminals using the technique of spoofing to pretend to be an executive or supplier .
Email Account Compromise is highly sophisticated , where the attacker uses various techniques to ultimately get legitimate access to the email accounts . They steal credentials by guessing a password or sending a phishing email that , when the employee clicks on the link , they fill in their username and password , and have ultimately sent those details directly to the criminal .
In the case of EAC , there are almost always two victims – the person whose email account got compromised and the other person who falls for the fraudulent request from the compromised email account .
Adenike Cosgrove , Director of Cybersecurity Strategy for International at Proofpoint
www . intelligentcio . com INTELLIGENTCIO NORTH AMERICA 41