Cybercriminals prefer to make life easy on themselves. Instead of relying on sophisticated malware or an undiscovered vulnerability to victimize a targeted business, they would much prefer to have an unsuspecting employee do the dirty work on their behalf. That way, there is far less overhead required and lower risk of sounding any alarms.
And that is exactly how business email compromise attacks work. Commonly referred to as "CEO fraud" attacks, these schemes typically impersonate the chief executive of an organization and cajole unwitting employees into initiating wire transfer payments - which the workers believe are going to someone legitimate but are actually being dispensed directly to the thieves.
The FBI estimated last spring that companies have lost billions of dollars to the hoaxes, making this threat one of the biggest facing organizations today. Fortunately, there are steps you can take to limit your risk of becoming a victim. Check out the video above featuring Phil Hay, SpiderLabs research manager at Trustwave, who defines the threat and offers real, practical tips for mitigating it.