Business Email Compromise (BEC) , Email Security & Protection , Email Threat Protection

Business Email Compromise: Battling Advanced Attackers

Ultra-Lucrative Campaigns Continue, Warns David Stubley of 7 Elements
David Stubley, CEO, 7 Elements

Many businesses don't seem to be able to stop business email compromise schemes. "Incidents are just increasing; there's a huge volume of business email compromises," says David Stubley, CEO at 7 Elements, a security testing firm and consultancy in Edinburgh, Scotland.

See Also: OnDemand | Combatting Rogue URL Tricks: How You Can Quickly Identify and Investigate the Latest Phishing Attacks

"We're seeing three broad groupings," Stubley says, and while the specifics are unique to each victim, in general, most of these attacks have the same goal. "They're all trying to effect a financial payment away from the organization," he says.

Such payments can be substantial. In a case recently investigated by 7 Elements, for example, a victim paid $900,000 by responding to a fake invoice submitted by an attacker.

In a video interview at Information Security Media Group's recent Cybersecurity Summit in London, Stubley discusses:

  • Low-skilled attackers' tactics;
  • How more professional attackers operate;
  • Groups that break in via elaborate phishing schemes but only steal data - and why this is especially troubling;
  • Essential defenses.

Stubley is the founder and CEO of 7 Elements. He was previously manager of penetration testing services for Royal Bank of Scotland, and he served as a penetration testing project manager for Britain's Ministry of Defense as well as an IP technical security engineer for MCI WorldCom.


About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.