Email Security Intelligence - FBI: Existing Cloud Email Protection Inadequate Against Phishing, Ransomware

The FBI continues to warn organizations about sophisticated COVID-19-related Business Email Compromise (BEC) scams that exploit users to steal login credentials, sensitive data, and other valuable information. Businesses must take immediate action to implement critical layers of email protection software onto their Microsoft 365 and Google Workspace platforms.

Cybercriminals have taken advantage of the increasing number of companies utilizing cloud email platforms for daily operations. They have focused their attacks on remote and hybrid-working individuals, who are more vulnerable to email attack types like BEC. Microsoft 365 and Google Workspace users suffer from more email threats than ever. In March 2020, Guardian Digital identified and blocked more malicious emails targeting Microsoft 365 users than in any other month since its establishment in 1999.

Business Email Compromise and credential theft threats pose significant risks to major cybersecurity platforms, but email security issues like these are not a product of the pandemic. In fact, between January 2014 and October 2019, the Internet Crime Complaint Center (IC3) received complaints totaling over $2.1 billion in losses due to BEC scams on Microsoft 365 and Google Workspace.

Cloud email servers are susceptible to countless email threats if they do not incorporate the right email protection software to ward off cybercriminals, who prioritize these systems since the attacks are relatively successful. The FBI explains, "Thirty percent of phishing attacks make it through existing systems and are opened by target users." The built-in security features on Microsoft Exchange Online Protection (EOP) and Google Workspace servers are inadequate, permitting data loss attacks, credential theft, account takeovers, and Business Email Compromise to persist. This article will discuss BEC risks, how they harm a server, and what options you have to improve your security posture.

What Is Business Email Compromise?

Threat actors understand that email security software is not always the strongest, so they focus on creating phishing email attacks that imitate server messages. These phishing campaigns deceive employees into sending over data that could result in compromised email addresses and system crashes.

During a Business Email Compromise attack, cybercriminals impersonate CEOs and higher-up individuals in a company through email spoofing attacks and previously compromised accounts. Typically taking the form of a phishing email, a BEC attack seeks to gain information from victims and install malware or ransomware that can harm a business's reputation and finances.

The FBI elaborates, "Using the information gathered from compromised accounts, cybercriminals impersonate email communications between compromised businesses and third parties, such as vendors or customers. The scammers will then impersonate employees or business partners, with the end goal of redirecting payments to bank accounts they control." Threat actors can utilize this compromised data to launch additional attacks that severely damage a company's productivity.

Whom Do BEC Attacks Typically Target?

Guardian Digital noticed that Business Email Compromise attacks exploit businesses that have shifted to fully remote or hybrid environments following the COVID-19 pandemic. Unfortunately, most Small- and Medium-Sized Businesses (SMBs) are fully digital, and cybercriminals take advantage of that since most SMBs do not have the staff available to establish a secure email server.

The FBI has found that "Although Google Workspace, Microsoft 365, and other popular cloud-based email services come with built-in security features that could help block BEC attempts, many of these features aren't enabled by default and have to be manually configured or toggled on by IT admins and security teams. Because of this, small and medium-sized organizations, or those with limited IT resources, are most vulnerable to BEC scams." Organizations must prioritize enabling all cloud email protection options, especially for small businesses.

How Can I Prevent BEC Risks?

There are various best practices for email security that companies can implement to add layers of email protection. The FBI suggests and urges that digital workers employ the following cybersecurity tools and recommendations to improve the safety of their business:

  • Set up Two-Factor or Multi-Factor email authentication protocols for all email platforms so users must verify themselves before entering the server.
  • Ensure known contacts confirm payment or transaction changes to keep cybercriminals from learning your financial information.
  • Hold email security awareness programs to teach employees about Business Email Compromise scams and preventative strategies, including identifying phishing email attacks and responding to suspicious messages.
  • Prohibit permissions that automatically forward emails to external addresses, as this is one of the easiest ways for an email spoofing attack to unfold.
  • Add email banners for messages from outside your organization so users can approach them cautiously and quarantine emails that appear untrustworthy.
  • Avoid legacy email account protocols like POP, IMAP, and SMTP, which can be used to circumvent Multi-Factor Authentication, so employees do not accidentally permit hackers into a system.
  • Change settings to oversee all email logins and exchanges for about ninety days so you can monitor for suspicious behaviors.
  • Ensure email security alerts notify you of foreign logins and other suspicious email threats.
  • Enable email security features like malware URL scanners, antiphishing software, and other policies that prevent spoofing emails and compromised accounts from harming your server.
  • Configure Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication Reporting and Conformance (DMARC). SPF, DKIM, and DMARC email authentication can validate email addresses to prevent spoofed emails from entering your system and compromising data.

These email security best practices are essential for organizations to improve security posture and keep their business, clients, and employees safe.
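As an added example (not from the original article or the FBI advisory), the script below audits SPF and DMARC TXT records offline and flags settings that are published but not enforcing: a permissive `all` qualifier, more than ten DNS lookups, `p=none`, or no report address. The records and the example.com / example.net names are constructed.

```python
import re

# SPF terms that each cost one DNS lookup; RFC 7208 caps the total at 10.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
WEAK_ALL = {"+": "passes every sender", "?": "is neutral for unlisted senders",
            "~": "only softfails unlisted senders"}

def audit_spf(record):
    """Return findings for one SPF TXT record (empty list: nothing flagged)."""
    terms = record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return ["not an SPF record"]
    findings, lookups, all_q, redirect = [], 0, None, False
    for term in terms[1:]:
        # Optional qualifier, then the mechanism/modifier name (may be empty).
        m = re.match(r"([+\-~?]?)([a-z0-9]*)", term)
        qualifier, name = m.group(1) or "+", m.group(2)
        lookups += name in LOOKUP_TERMS
        redirect = redirect or name == "redirect"
        if name == "all":
            all_q = qualifier
    if all_q is None and not redirect:
        findings.append("no 'all' term: unlisted senders get a neutral result")
    elif all_q in WEAK_ALL:
        findings.append("'%sall' %s" % (all_q, WEAK_ALL[all_q]))
    if lookups > 10:
        findings.append("%d DNS lookups exceed the limit of 10 (permerror)" % lookups)
    return findings

def audit_dmarc(record):
    """Return findings for one DMARC TXT record (published at _dmarc.<domain>)."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append("p=%s requests no action on failing mail" % (policy or "<missing>"))
    if "rua" not in tags:
        findings.append("no rua address: aggregate reports are not collected")
    return findings

# Constructed records for the placeholder domain example.com.
WEAK = ("v=spf1 include:_spf.example.net ~all", "v=DMARC1; p=none")
STRICT = ("v=spf1 include:_spf.example.net -all", "v=DMARC1; p=reject; rua=mailto:dmarc@example.com")
print(audit_spf(WEAK[0]), audit_dmarc(WEAK[1]))
```

To audit a live domain, paste in the TXT values returned for the domain itself (SPF) and for `_dmarc.<domain>` (DMARC).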

What Solution Does Guardian Digital Provide Users?

Microsoft 365 and Google Workspace users must employ defense-in-depth, multi-layered email security software to prevent modern exploits and email threats from damaging systems. Fortunately, various cybersecurity platforms have email protection software to ensure web and email security.

An effective cloud email security solution is essential, and Guardian Digital recognizes the value of installing such features for a business. Fortunately, their comprehensive, fully managed, vigilant software, Guardian Digital Cloud Email Security, provides companies with the peace of mind to continue daily operations without worrying about the latest email threats.

Here are the fantastic benefits that Guardian Digital offers to users to secure email:

  • Experience multi-layered, real-time defenses against social engineering attacks and impersonation risks like Business Email Compromise.
  • With Guardian Digital's transparent, collaborative development approach, you can achieve tighter security and minimize the risk of vendor lock-in.
  • Simplify development and increase availability and productivity with a scalable cloud-based email security system.
  • Work assured that you have expert, caring customer support services and remote system monitoring overseeing your system 24/7/365.

These features, among others, are crucial to improving email security and beneficial to SMBs that cannot afford a personal IT security team.

Keep Learning About Business Email Compromise

Business Email Compromise threats and other phishing email attacks are constantly rising, and your company must do everything it can to bolster its cybersecurity platforms. Consider EnGarde Cloud Email Security for your business, and download Guardian Digital's free Microsoft 365 email protection guide to learn more about cloud email vulnerabilities.

Guardian Digital CEO Dave Wreski explains, “It is crucial that small companies with limited resources and funding to put toward security implement a fully-managed email security solution designed to fortify cloud email with the additional layers of security necessary to combat today’s sophisticated attacks. Guardian Digital EnGarde Cloud Email Security makes enterprise-grade email protection available to small- and medium-sized businesses at affordable prices, eliminating the need for a full-time IT department or mail administrator.”

  • Following best practices, you can improve your email security posture to protect against attacks.
  • Keep the integrity of your email safe by securing the cloud with spam filtering and enterprise-grade anti-spam services.
  • Get the latest updates on how to stay safe online.
