Network and application firewalls for cloud-connected organizations
From the Next Generation Firewall to a Cloud Generation Solution
Makes web browsing safe and preserves bandwidth.
Protect websites and applications from cyber-threats.
Protect every web app, hosted anywhere, in minutes.
Ensure website and application performance and reliability.
Free scanner checks your website for potential vulnerabilities.
Make email safe for business with comprehensive protection of users, data, and your brand.
Combines Essentials, Sentinel, and Phishline.
All-in-one email security, backup, and archiving service.
A.I.-Based Protection from Spear Phishing, Account Takeover, and Business Email Compromise
Anti-phishing training and simulation platform.
Cloud-connected email security appliance.
Solutions for data retention, compliance, and eDiscovery
Locate, migrate, and eliminate Microsoft Outlook PST files.
Free tool to find threats already sitting in your inbox.
Cloud-integrated protection for business-critical data wherever it resides.
Add cloud-based backup and recovery to your Office 365. Protects emails and files from accidental and malicious data loss.
Barracuda's physical and virtual appliance solutions allow for fast deployment to on-premises and remote locations.
Barracuda's cloud-based security services reduce up-front costs and setup time.
Protect your websites, applications and data running in AWS with support for the AWS Shared Security Model. Metered billing and BYOL available.
Deploy Barracuda security solutions natively on Microsoft Azure. We support Azure best practices to cut deployment time.
Barracuda released the industry's first network firewall for GCP. Protect both on-premises and GCP assets from a single console.
Protect patient data, ensure access to health records, and defend against cyber threats.
Don't let your ecommerce site or POS fall victim to attacks or data theft. Ensure reliable connectivity for retail locations.
The financial services industry is a target by hackers looking to steal data and disrupt websites.
Barracuda products help your school achieve CIPA compliance and ensure a safe learning environment for students.
Government agencies rely on Barracuda for data protection and network security.
Barracuda manufactures all products in the United States and makes them available for purchase under GSA contracts.
Migrating your email to Office 365 raises a new set of security and network access challenges. Barracuda can help make the cloud safe for business.
Email compliance regulations and legal holds often require capabilities beyond the built-in features of Office 365.
Even with the best security and archiving tools, it is possible for the important email to be accidentally or maliciously deleted. Barracuda adds full backup and recovery of every Office 365 email using the secure Barracuda cloud.
Check out the current threat landscape based on millions of data points collected by Barracuda.
Protect all your threat vectors from zero-hour attacks with full sandboxing.Available for Cloud Generation Firewalls and Email Security solutions.
Detect, prevent, and recover from ransomware attacks.
If you do business in the European Union, Barracuda can help you achieve and maintain GDPR compliance.
Business Email Compromise (BEC) is an exploit in which an attacker obtains access to a business email account and imitates the owner’s identity, in order to defraud the company and its employees, customers or partners. Often, an attacker will create an account with an email address almost identical to one on the corporate network, relying on the assumed trust between the victim and their email account. BEC is sometimes described as a “man-in-the-email attack”.
Carried out by transnational criminal organizations that employ lawyers, linguists, hackers, and social engineers, business email compromise can take a variety of forms. In most cases, scammers will focus their efforts on the employees with access to company finances, and attempt to trick them into performing wire transfers to bank accounts thought to be trusted, when in reality the money ends up in accounts owned by the criminals.
In a BEC exploit, the attacker typically uses the identity of someone on a corporate network to trick the target or targets into sending money to the attacker’s account. The most common victims of BEC are usually companies that utilize wire transfers to pay international clients.
Although the perpetrators of BEC use a combination of tactics to trick their victims, a common plan involves the attacker gaining access to a business network utilizing a spear-phishing attack in conjunction with some form of malware. If the attacker stays undetected, they can spend time studying all facets of the organization, from vendors, to billing systems, to the correspondence habits of executives and other employees.
At an appropriate time – usually when the employee being impersonated is out of the office – the attacker will send a bogus email to an employee in the finance department. A request is made for an immediate wire transfer, usually to any trusted vendor. The targeted employee thinks the money is being sent the expected account, but the account numbers have been altered slightly, and the transfer is actually deposited in the account controlled by the criminal group.
If the money fraud fails to be spotted in a timely manner, the funds can often be close to impossible to recover, due to any number of laundering techniques that transfer the funds into other accounts.
Often, messages sent by perpetrators will follow a number of archetypes. As defined by the FBI, there are 5 major types of BEC scams:
There are many ways to defend against Business Email Compromise. Common techniques that are employed include:
Enterprise security is essential, and a compromised email system can seriously damage legitimate business interests. Safeguarding a company’s finances and privacy will not only empower employees but also ensure business longevity.
Barracuda Phishline provides state-of-the-art training and simulation to measure your vulnerability to phishing emails and social engineering attacks. By identifying human risk factors, it can prepare your enterprise to identify and eliminate specialized attacks such as Business Email Compromise (BEC).
Barracuda Sentinel is a powerful artificial intelligence engine that learns organizations’ unique communications patterns to identify and block real-time spear phishing attempts. By finding anomalous signals in incoming messages, Barracuda Sentinel can prevent attacks such as Business Email Compromise (BEC) before they strikes.
Do you have more questions about Business Email Compromise? Contact us today.
Call +1 888 268 4772
Our live chat tool is experiencing an outage. Until this issue is fixed, please call us at +1 888 268 4772 for immediate assistance. We apologize for any inconvenience.