BEC attacks account for a very small percentage of the phishing emails targeting companies worldwide, yet they are still a multibillion-dollar issue. Organizations should adapt policies to prevent BEC scams from being executed, including a verification process for all business transactions or money transfers. Because it is so easy for a threat actor to set up a typo-squatted domain, this verification should take place in person or over the phone. Companies can work to prevent being impersonated in attacks like these by employing a service such as the Binary Defense Counterintelligence team, which looks for and identifies newly registered domains that appear similar to the legitimate ones.
https://www.bleepingcomputer.com/news/security/new-crimson-kingsnake-gang-impersonates-law-firms-in-bec-attacks/
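The lookalike-domain monitoring described above can be sketched as follows. This is an added example, not code from Binary Defense or the linked article; the domain names, the confusable-character pairs and the function names are all constructed assumptions, and internationalized (IDN) homoglyphs are not handled.

```python
# Constructed sample data throughout; the confusable pairs are an assumed, partial list.
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("5", "s"))

def label(domain):
    """Label left of the TLD, lowercased (naive: assumes a single-part TLD)."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def fold(text):
    """Collapse visually confusable sequences and drop hyphens."""
    for src, dst in CONFUSABLES:
        text = text.replace(src, dst)
    return text.replace("-", "")

def distance(a, b):
    """Optimal string alignment distance (insert, delete, substitute, adjacent swap)."""
    # First row and column hold the cost of pure insertions or deletions.
    d = [[i + j if i * j == 0 else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def lookalikes(protected, new_domains, max_dist=1):
    """Return (domain, reason) for each new registration resembling `protected`."""
    target, hits = label(protected), []
    for dom in new_domains:
        cand = label(dom)
        if dom.lower() == protected.lower():
            continue  # the legitimate domain itself
        if cand == target:
            hits.append((dom, "tld-swap"))
        elif fold(cand) == fold(target):
            hits.append((dom, "confusable"))
        elif distance(cand, target) <= max_dist:
            hits.append((dom, "edit-distance"))
        elif target in cand:
            hits.append((dom, "contains-brand"))
    return hits

# Constructed feed of newly registered domains.
NEW_REGISTRATIONS = ["examplelawfirrn.com", "exampelawfirm.com", "examplelawfirm.net",
                     "examplelawfirm-billing.com", "examplelawfirm.com", "gardensupplies.org"]

if __name__ == "__main__":
    for domain, reason in lookalikes("examplelawfirm.com", NEW_REGISTRATIONS):
        print(f"{domain}\t{reason}")
```

Hits from a check like this are leads for review, not proof of malicious intent, so the out-of-band verification step above still applies.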

