The holidays are over, and you know what that means? Your inboxes are full of emails. 

But some of those emails might contain malicious links or files disguised to appear from trusted colleagues or even the C-suite within your organization. Can you tell the difference between a business email compromise (BEC) attack and a legitimate email from your CEO?

In this blog, we’ll dive into what a BEC is, the different types of BEC attacks, and how MSPs can spot them effectively before they reach their employees’ or clients’ inboxes. 

What is Business Email Compromise (BEC)? 

A business email compromise (BEC) is a type of social engineering attack where scammers look to defraud targeted employees. What makes a BEC unique is that the messaging and tone appear to come from legit senders, typically from the CEO or other high-ranking executives.

What makes these emails even more effective is their sense of urgency, designed to pressure employees into taking immediate action. For example, a common BEC might contain a message from the CFO asking for a wire transfer to “pay a vendor invoice.” Without proper employee training, such as routine phishing simulations, an unsuspecting employee might comply without verifying the request or sender details. BEC attacks accounted for 14% of all impersonation attack activity in corporate inboxes

The open rates for these emails are alarmingly high. A study found that 28% of BEC emails are opened by employees with 15% of those emails receiving a reply.

BEC attacks have cost organizations over $50B in losses within the past decade. 

AI Making BEC Attacks Harder to Detect

Scammers have begun leveraging Generative AI in their emails with striking accuracy and high success rates.

BEC attacks skyrocketed 20% YoY in Q2 2024 thanks to the advancements in AI-based technology. Scammers can now mimic the precise tone and writing style of C-level executives quite convincingly. 

The finance department in particular remains a prime target for BEC attacks as they have the authority to approve wire transfers, pay invoices, and handle sensitive financial information. AI-generated BEC emails use familiar language that a CFO or controller might mistake for a legitimate payment request. 

BEC emails can bypass traditional security filters as they are personalized to the recipient and appear to come from a trusted source within the organization. Attackers also leverage obfuscation techniques such as URL spoofing, HTML tag manipulation, payload encryption, and embedding links within images to evade email security filters. 

Types of BEC Attacks

Here are 5 types of BEC attacks: 

CEO Fraud: Attackers impersonate the role of a C-level executive, generally the CEO, asking for an urgent transfer of funds or sensitive information. Attackers spend a great deal of effort researching the company, even the CEO’s writing style and typical communication patterns on social media platforms and PR/media sites. This helps them craft targeted emails using the CEO’s tone, terminology, and phrasing.

Account Compromise: Attackers gain unauthorized access to a legitimate employee’s email account, typically through phishing, and leverage the information to send fraudulent requests, such as payment approvals to colleagues or partners.

Attorney Impersonation: There is almost nothing quite as intimidating as receiving a legal letter from an attorney in your inbox. One common form of BEC involves scammers posing as lawyers, requesting immediate payment for services, and sending attachments that appear to be official documents the recipient might recognize.

Data Theft: Data is pure gold to an attacker. They can resell stolen information, such as passwords, accounts, credentials, and financial data, on the dark web for quick profit returns. 

Scammers may also use the stolen information later on for identity theft or to launch more targeted spear phishing campaigns.

False Invoice Scam: Attackers leverage compromised email accounts of legitimate vendors or suppliers to send fake invoices for services. To the untrained eye, these types of BEC emails are increasingly difficult to detect, especially for a busy financial controller who is managing a large number of unpaid invoices with balances due to a variety of vendors. The billing details will go to a fraudster’s bank account and may go unnoticed until the vendor actually reports the missed payment or threatens legal action. 

4 Ways to Spot a BEC

Here are a few red flags to be aware of the next time you log into your corporate inbox:

1. Suspicious Email Header: Look for inconsistencies in the email header, such as unusual “Reply-To” or “From” addresses or email routing anomalies. BEC emails often contain disguised headers to hide their malicious offerings. Always verify the legitimacy of the sender. Check for DKIM, SPF, and DMARC authentication to ensure that the addresses come from trusted domains.

2. Poor Grammar & Typos: BEC emails often contain misspellings, grammatical errors, and excessive punctuation, such as multiple exclamation marks (!!!) at the end of a sentence, designed to create a sense of urgency and prompt an employee to take immediate action. Poor grammar is a classic sign of a phishing attempt. Take the time to go over the email thoroughly.

3. Email Context: Pay close attention to the body of the email itself. Any message asking you to “re-confirm” your personal details is a huge red flag. These keywords are usually accompanied by requests for processing a wire transfer or other financial transaction, such as an “unpaid supplier invoice” or “overdue balance.” Needless to say, you should never enter any sensitive financial details or PII without approval.
4. Timing: Scammers try to catch people off guard, and the best time to do so is during a holiday such as Thanksgiving or Christmas, when phishing attempts peak. Scammers also time BEC emails for Fridays, when employees are more relaxed heading into the weekend and less likely to report suspicious emails.

Avoid responding to “urgent” emails received on a Friday without verifying the sender. If the email appears to be from the CEO or another executive, confirm its legitimacy through a direct message on Slack or a quick phone call. That extra step can help prevent a massive breach. 

And as always, whenever in doubt, just don’t open the email. 

Prevent BEC Attacks and Bolster Email Security with Guardz 

Guardz’s unified cybersecurity platform leverages advanced machine learning and AI to monitor email activity, detect suspicious patterns through detailed email header analysis, and automatically enforce DMARC policies.

With Guardz’s auto-remediation tool, malicious emails are intercepted and either deleted or marked as safe before they can reach your employees’ or clients’ inboxes. 

Take a proactive approach to email security and BEC prevention with Guardz. 

Speak with one of our experts today.

As the new year unfolds, MSPs face opportunities to grow their businesses, build stronger client relationships, and stand out in an increasingly competitive market. In a recent fireside chat hosted by Guardz, we had the privilege of learning from Bob Burg, award-winning speaker and co-author of the best-selling book The Go-Giver. Bob shared powerful insights from his book and how its five laws of success can be applied to help MSPs thrive in 2025 and beyond.

Main Takeaways for MSPs

1. Deliver value that exceeds expectations to build lasting client loyalty.

2. Scale your impact by reaching and serving more clients without sacrificing quality.

3. Build trust by prioritizing your clients’ needs and becoming a true partner in their success.

4. Embrace authenticity to differentiate yourself in a crowded market.

5. Stay open to collaboration, opportunities, and feedback to drive growth.

These principles, rooted in The Go-Giver philosophy, offer a roadmap for MSPs looking to create meaningful impact while growing their business. Let’s dive deeper into each law and its relevance to MSPs.

1. The Law of Value: Deliver Beyond Expectations

“Your true worth is determined by how much more you give in value than you take in payment.”

For MSPs, this principle is a cornerstone of success. Clients don’t just want IT services; they want solutions that make their lives easier and their businesses more secure. Delivering beyond expectations means going the extra mile, whether through proactive monitoring, personalized support, or educational resources.

Application for MSPs:

• Offer tailored cybersecurity training for your clients to empower their teams.

• Regularly update clients on emerging threats and how your services mitigate them.

• Surprise clients with added value, such as a complimentary security assessment or system upgrade.

By consistently exceeding client expectations, MSPs can build loyalty, encourage referrals, and set themselves apart from competitors.

2. The Law of Compensation: Scale Your Reach

“Your income is determined by how many people you serve and how well you serve them.”

Scaling an MSP business isn’t just about adding clients—it’s about serving more businesses effectively. This requires creating systems and solutions that allow you to maintain high service quality as your client base grows.

Application for MSPs:

• Develop scalable solutions like automated monitoring, patch management, or AI-powered threat detection.

• Partner with vendors to offer bundled services that address multiple client needs.

• Implement client tiers, allowing small businesses to access critical services at affordable rates while upselling advanced options to larger clients.

The more clients you serve with excellence, the greater your impact—and income.

3. The Law of Influence: Build Trust and Prioritize Clients

“Your influence is determined by how abundantly you place other people’s interests first.”

Trust is at the heart of every successful MSP-client relationship. Clients rely on MSPs to safeguard their businesses from cyber threats and keep their operations running smoothly. Prioritizing their needs isn’t just good ethics; it’s good business.

Application for MSPs:

• Conduct quarterly business reviews with clients to discuss their goals and align your services with their priorities.

• Be proactive in identifying potential issues and presenting solutions before clients even notice a problem.

• Always communicate transparently, even when delivering difficult news about potential vulnerabilities or breaches.

When MSPs prioritize their clients’ success, they build trust and position themselves as indispensable partners.

4. The Law of Authenticity: Stay Genuine

“The most valuable gift you have to offer is yourself.”

In an industry where technical expertise is a given, authenticity can set your MSP apart. Clients want to work with people they trust and feel a connection with, not just a faceless company.

Application for MSPs:

• Share your story—how your MSP started, your mission, and what drives your team.

• Highlight client success stories to showcase the real-world impact of your work.

• Foster genuine connections with clients by understanding their challenges and celebrating their wins.

By being authentic, MSPs can build deeper relationships and foster loyalty that lasts.

5. The Law of Receptivity: Embrace Partnerships and Feedback

“The key to effective giving is to stay open to receiving.”

Success is a two-way street. To grow, MSPs must remain open to new opportunities, collaborations, and client feedback. This principle encourages a mindset of constant learning and adaptability.

Application for MSPs:

• Partner with cybersecurity providers, insurance firms, or other vendors to offer comprehensive solutions.

• Actively seek client feedback and use it to refine your services.

• Stay open to opportunities for professional development, whether through industry events or certifications.

When MSPs embrace collaboration and feedback, they position themselves for continuous growth and innovation.

Bringing It All Together: The Go-Giver MSP

At its core, the Go-Giver approach is about creating value, building relationships, and staying authentic in all aspects of your business. For MSPs, adopting these principles means more than just growing your bottom line—it means becoming a trusted partner to your clients, standing out in a crowded market, and making a meaningful impact.

As you head into 2025, consider how these laws can shape your strategies and help your MSP thrive. At Guardz, we’re here to support you every step of the way, offering tools and insights to help you deliver value, build trust, and grow your business.

Ready to apply the Go-Giver principles to your MSP? Let’s make 2025 a year of growth and success!

Watch the full webinar here: https://youtu.be/aAs5uhyeY-E

Stay tuned for more resources and webinars designed to empower the MSP community.

Key Takeaways from My Experience

• Preparation is Power: Having an Incident Response (IR) playbook is a game-changer during a crisis.
• Customer-Centric Thinking: Detecting and addressing customer data impact should always be the first priority.
• Collaboration and Communication Matter: Transparent communication and teamwork are essential for navigating an incident effectively.

Looking back at my career, one defining moment stands out—my first cybersecurity incident. It was chaotic, terrifying, and overwhelming. For a moment, I truly believed my career might be over. But it wasn’t. That experience, as daunting as it was, taught me lessons that shaped me into the professional I am today.

Here are my key takeaways from that intense and transformative experience.

1. Have an Incident Response Playbook

If there’s one thing I’ve learned, it’s that preparation makes all the difference. When a cyber incident strikes, panic is a natural reaction. But panic doesn’t help you manage the situation—having an Incident Response (IR) playbook does.

In my case, the IR playbook was like a lighthouse in the storm. It laid out a roadmap with predefined steps, clear roles, and specific actions. Knowing who to call and what to prioritize helped me focus on resolving the issue instead of being consumed by the chaos.

This experience taught me the importance of creating a well-thought-out plan for handling emergencies. It’s a safety net that allows you to act with clarity when everything else feels uncertain.

2. Detecting Customer Data Impact is Crucial

Amid the crisis, my first thought was: What does this mean for our customers? Determining whether customer data had been accessed or compromised was my top priority. Understanding the scope of the breach was essential to plan our response and communicate effectively.

This isn’t just a technical necessity—it’s a personal and professional responsibility. Knowing that your actions directly impact the trust people place in you can feel heavy, but it’s also empowering. It keeps you focused on doing what’s right, even in high-stakes situations.

3. Communication and Collaboration are Key

One of the biggest surprises during my first incident was realizing how much of the response depended on teamwork and communication. Handling a cyber event isn’t just about technical expertise; it’s about how well you can coordinate across teams and communicate with leadership.

I learned to work closely with IT, legal, PR, and customer service teams to form a cohesive response. Being transparent with management about what we knew—and didn’t know—was crucial in maintaining trust and enabling informed decision-making.

This experience taught me that effective communication is as important as technical skills during a crisis. It fosters trust and ensures everyone is aligned and working toward a shared goal.

4. Growth Comes from Post-Incident Reflection

Once the incident was under control, I knew the work wasn’t over. I took time to review what had happened, how we had handled it, and where we could improve.

The post-incident analysis was invaluable—it helped me refine my approach, improve our systems, and build stronger defenses. For me, this was a moment of growth. It was a reminder that every crisis, no matter how overwhelming, can teach us something valuable if we’re willing to learn.

5. Mental Resilience is Just as Important

Perhaps the most unexpected lesson was the importance of mental resilience. Dealing with a cybersecurity incident is exhausting, both mentally and emotionally. It’s easy to feel overwhelmed, but I learned the value of staying calm and composed under pressure.

Seeking support from peers and mentors helped me navigate the crisis without burning out. Over time, I’ve come to see resilience as a skill—one that grows with every challenge you face.

Final Thoughts

My first cybersecurity incident was a trial by fire, but it also became a defining moment in my career. It taught me the importance of preparation, the power of collaboration, and the need to put customers first. 

Today, as the CISO of Guardz, I draw on these lessons every day. At Guardz, we work hand-in-hand with MSPs and their teams to provide the tools and guidance they need to secure small businesses. It’s a responsibility we take seriously, knowing that MSPs are often the first—and sometimes only—line of defense for their clients. 

Ultimately, MSPs are entrusted with the security of many small businesses and, by extension, the livelihoods and trust of countless individuals. It’s a tremendous responsibility but also a shared mission we’re proud to support. Cybersecurity is rarely easy, but it’s always meaningful. Every challenge, every incident, and every lesson makes us stronger and better prepared to protect what matters most.

As 2025 looms on the horizon, MSPs are grappling with an ever-shifting cybersecurity landscape. The stakes are higher than ever, with small and medium-sized businesses continuing to face relentless cyber threats. While MSPs play a critical role in shielding these businesses, the road ahead is not without its twists and turns.

Drawing from recent insights—including our Guardz survey, which found that 77% of MSPs are struggling to manage multiple cybersecurity solutions—I want to unpack the challenges, risks, and opportunities MSPs should have on their radar for the year ahead.

Top Challenges for MSPs 

1. The Complexity Conundrum

Managing cybersecurity point solutions has become a juggling act and not a fun one. With every new tool claiming to solve the latest threat, MSPs find themselves buried under layers of complexity. Our survey underscores this pain point: nearly 8 in 10 MSPs find it difficult to consolidate their cybersecurity stack.

Why does this matter? Complexity slows response times, increases the chances of misconfigurations, and ultimately leaves gaps that cybercriminals are all too happy to exploit.

2. Identities at the core 

Account compromise is climbing the ranks as one of the most persistent and damaging cyber threats. Cybercriminals are finding new ways to exploit weak or reused credentials, phishing unsuspecting employees, and bypass multi-factor authentication (MFA) through methods like MFA fatigue attacks, stolen tokens, etc.

For MSPs, this means prioritizing solutions that protect Identities—not just at login but throughout their lifecycle. Continuous monitoring, behavioral analytics, and robust identity management strategies are becoming essential across cloud directories, email, devices, data, and training.

3. Supply Chain Attacks on the Rise

It’s no longer enough to protect your clients; you also have to worry about the vendors and partners they rely on. Supply chain attacks are becoming alarmingly common, and MSPs are often caught in the crossfire.

These attacks exploit the trust inherent in software and hardware providers, making them insidious and hard to detect. For MSPs, ensuring clients’ security now means scrutinizing third-party relationships more than ever.

The Big Risks MSPs Face

1. Underestimating the Human Factor

We like to talk about firewalls and encryption, but let’s not forget that most breaches start with a simple mistake—like clicking on a phishing link. MSPs often focus on tech solutions while overlooking the importance of training end users.

If employees at your client’s organization aren’t part of the cybersecurity conversation, you’re leaving a major vulnerability wide open.

2. Burnout of technicians 

Running an MSP is tough. Cyber threats are 24/7, and the demands on your time and energy are relentless. In addition, monitoring and implementing dozens of point solutions for every client adds more challenges and a level of constant pressure can lead to burnout, affecting your business and the quality of service you provide to clients.

3. Cyber Insurance Complexity

Cyber insurance can be a lifeline for SMBs after a breach—but obtaining and maintaining coverage has become increasingly complex. Insurers are tightening their requirements, and MSPs are often called upon to ensure clients meet them. The risk? Falling short could leave clients exposed and MSPs under fire.

Opportunities for MSPs in 2025

Amid these challenges, MSPs have opportunities to elevate their game and deliver even more value to SMB clients.

1. Consolidation is King

One of the clearest takeaways from our survey is the need for streamlined cybersecurity solutions. MSPs can differentiate themselves by adopting unified platforms that simplify management without sacrificing protection. The less time you spend wrangling tools, the more time you have to focus on strategic initiatives.

2. Leveraging AI For Faster Responses

AI is rapidly transforming cybersecurity operations, and MSPs that harness its power will gain a significant edge. AI-driven tools can automate repetitive tasks, identify threats faster than any human analyst, and deliver real-time responses to incidents.

For MSPs, AI isn’t just a luxury—it’s becoming a necessity. By integrating AI-powered solutions into their offerings, MSPs can enhance efficiency, reduce response times, and ensure a higher level of protection for their clients. This not only improves outcomes but also frees up valuable time to focus on strategy and growth.

3. Proactive Risk Management

The days of reactive cybersecurity are over. MSPs that adopt a proactive approach—focusing on threat intelligence, vulnerability management, and regular penetration testing—can set themselves apart. SMBs are looking for partners who can anticipate problems before they arise.

4. Building a Cybersecurity Culture

While tools are essential, fostering a culture of cybersecurity awareness within SMBs is equally critical. MSPs have a unique opportunity to offer training and workshops that empower employees to become the first line of defense against cyber threats.

5. Expanding Services to Include Cyber Insurance 

With the cyber insurance market tightening, MSPs can position themselves as essential partners in the application and compliance process. Offering services that help SMBs navigate these waters can open up new revenue streams and deepen client relationships.

Looking Ahead

The role of MSPs is more critical than ever. SMBs are counting on you not just to defend against threats but to guide them through an increasingly complex digital environment. By focusing on simplification, proactivity, and education, you can not only tackle the challenges of 2025 but also seize the opportunities it presents.

The cybersecurity battle is ongoing, and it’s not just about technology—it’s about strategy, people, and vision. As we lead the guard together, let’s make 2025 a year where MSPs don’t just survive but thrive.

Until next time,
Dor

Guardz is proud to announce the appointment of Esther Pinto as its new Chief Information Security Officer (CISO). Esther’s extensive background in cybersecurity, combined with her leadership and commitment to fostering inclusion and diversity, positions her as the ideal choice to further strengthen Guardz’s focus on security and innovation.

This strategic addition comes at a time when cybersecurity challenges continue to evolve, underscoring Guardz’s commitment to not only keeping pace with threats but also leading the charge in empowering Managed Service Providers (MSPs) to protect small and medium-sized businesses (SMBs).

Esther Pinto: A Visionary Cybersecurity Leader

Esther Pinto brings a wealth of experience from her work in shaping and implementing robust cybersecurity programs. She has led transformative initiatives at companies like Anecdotes, where she served as CISO and Head of Information Security, and AppsFlyer, where she developed and scaled their Information Security operations.

Her passion for creating secure environments that foster innovation has been a hallmark of her career. Esther is dedicated to advancing security programs that go beyond just protection—they are designed to inspire confidence, enable growth, and drive technological progress.

“Joining Guardz as CISO is a huge opportunity to shape the future of cybersecurity in an organization that’s leading the charge in empowering MSPs to defend SMBs from ever-evolving cyber threats,” said Pinto. “I’m driven by the challenge of building cutting-edge security programs that not only protect but also inspire innovation, and I’m excited to be a part of the exceptional team at Guardz.”

Strengthening Guardz’s Commitment to Security and Innovation

Esther’s appointment marks a significant milestone for Guardz, highlighting the company’s relentless dedication to maintaining security as the foundation of its mission.

“Esther’s arrival as CISO is a testament to Guardz’s commitment to excellence and innovation in cybersecurity,” said Dor Eisner, CEO and Co-Founder of Guardz. “Her unparalleled expertise, leadership, and vision will be instrumental as we continue to develop AI-powered solutions that protect SMBs and drive success for MSPs. We are thrilled to have her on board and look forward to the transformative impact she will bring.”

As CISO, Esther will lead efforts to secure Guardz’s internal operations, enhance product security, and drive new security strategies that align with the company’s rapid growth. Her role will be pivotal in ensuring Guardz remains at the forefront of cybersecurity innovation while continuously prioritizing the safety and success of its customers.

The Road Ahead: Building the Future of Cybersecurity

Esther Pinto’s leadership aligns with Guardz’s core mission to empower MSPs with advanced cybersecurity tools to protect SMBs against an ever-changing threat landscape. Her expertise will play a vital role in shaping the company’s next evolution of security initiatives, including:

• Enhancing Product Security: Driving the development of innovative features and security protocols to ensure Guardz products meet the highest standards of safety and reliability.
• Scaling Operations Securely: Implementing robust measures to safeguard Guardz’s own operations as the company continues its global growth.
• Inspiring Innovation: Leveraging her expertise to create security solutions that not only mitigate risks but also foster creativity and technological advancement.

Through Esther’s leadership, Guardz is well-positioned to continue delivering cutting-edge AI-powered solutions that simplify cybersecurity for MSPs and provide unparalleled protection for SMBs.

Esther Pinto’s appointment as CISO represents more than just a leadership addition—it’s a statement about Guardz’s unwavering dedication to security and innovation. With her vision and expertise, Guardz is poised to achieve even greater success in empowering MSPs and safeguarding the businesses they serve.

Welcome to Guardz, Esther Pinto!