What you need to know about business email compromise

In the world of online business, it’s safe to say that hackers never take the day off. These virtual con artists go out of their way to constantly evolve and adapt as they adjust and tweak their tactics to infiltrate even the most secure of businesses.

While a great deal of information regarding cybersecurity highlights concerns about ransomware, Business Email Compromise (BEC) has often flown quietly under the radar, despite causing significant financial losses.

What is Business Email Compromise?

BEC is a term used for a scam where criminals send an email message from a known source, making what seems to be a genuine request.

For example, a financial director could receive an email from the CEO of their firm requesting that the finance department transfer a sum of money over to a vendor for computer equipment. As everything seems to align with the business strategy, the transaction is completed, and the scam is only noticed after it’s too late.

How does the scammer gain access to the information needed? Well, the process may look a bit like this:

  1. The scammer may have started the process by using malicious software, or malware, to infiltrate the company network, thus gaining access to confidential email threads.

  2. The person will then send spear-phishing emails that look like they are from a trusted source, such as a vendor or board member, to trick recipients into revealing confidential information, like bank account details or calendars.

  3. The scammer might also make a website or email address look legitimate by slightly varying the real address. For example, john.smith@yourcompany.com may become john.smth@yourcompany.com (simply removing one letter).

  4. The BEC criminal will then use the information gained to craft an email that sounds like it comes from management, with sufficient details to trick the unwitting victim.

As you can see, every business needs to be at the top of its game to ensure it doesn’t fall victim to a scam like this one.

Is Your Business Vulnerable?

The FBI Internet Crime Complaint Center put out a report in May 2022 showing an alarming rise in BEC attacks. From July 2019 to December 2021, the losses from these attacks rose by 65%, and they now make up 35% of all cybercrime losses globally. These attacks have affected corporations of all sizes and industries in 177 countries. The BEC threat actors are constantly improving their tactics and are currently the largest threat that security researchers aren't talking about.

How to Protect Your Business

The internet is a wonderful invention, but it can be a dangerous one too. Even with only basic skills, personal details are available at the drop of a hat, and it hasn’t taken hackers long to piece the puzzle together.

Here are our top five tips on how to protect your business:

  1. Play your cards close to your chest and be conscious of how openly you share details, including details such as schools you’ve attended, pet names, links to family members and your birthday. This information could arm your scammer with all the necessary data to guess your passwords or answers to security questions.

  2. Take care when clicking on links within emails, no matter how legitimate they seem. If a company or financial institution asks you to verify your details, look up the company phone number and give them a call to check on the legitimacy. Delete these emails without replying or engaging with the scammer in any way.

  3. Make a habit of scrutinising sender information and getting to know the email addresses of the people with whom you frequently communicate.

  4. Never open email attachments from unknown senders or forwarded emails. It’s just not worth the risk.

  5. Use two-factor or multi-factor authentication whenever possible on sites that require logins and passwords, and ensure it is never disabled.
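
Tip 3 and the john.smth@yourcompany.com example above can be partly automated. The following is an added example, not part of the original article: it compares a sender address with a list of known contacts and flags near-misses. The contact list, the trustedvendor.example address and the distance threshold of 2 are assumptions chosen for illustration.

```python
# Added example: flag sender addresses that nearly match a known contact.
KNOWN_CONTACTS = {  # constructed sample allow-list (assumption)
    "john.smith@yourcompany.com",
    "accounts@trustedvendor.example",
}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # drop a character
                           cur[j - 1] + 1,              # add a character
                           prev[j - 1] + (ca != cb)))   # swap a character
        prev = cur
    return prev[-1]

def classify_sender(address, known=KNOWN_CONTACTS, max_distance=2):
    """Return ("known", addr), ("lookalike", closest_contact) or ("unknown", None)."""
    addr = address.strip().lower()  # addresses are compared case-insensitively
    if addr in known:
        return ("known", addr)
    if not known:
        return ("unknown", None)
    closest = min(known, key=lambda k: edit_distance(addr, k))
    # A small non-zero distance means "almost a contact": the BEC warning sign.
    if edit_distance(addr, closest) <= max_distance:
        return ("lookalike", closest)
    return ("unknown", None)

if __name__ == "__main__":
    samples = [  # constructed sender addresses
        "John.Smith@yourcompany.com",        # exact contact, different case
        "john.smth@yourcompany.com",         # one letter removed
        "accounts@trustedvendor.exarnple",   # "rn" standing in for "m"
        "newsletter@unrelated.example",      # unrelated sender
    ]
    for sender in samples:
        print(f"{sender:36} -> {classify_sender(sender)}")
```

A "lookalike" result is a prompt to verify the request through a separate channel, such as a phone call to a number you already hold.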

We offer a multi-layered approach to cybersecurity services that assist with your business's every need. Let us manage your security and keep your business out of harm’s way, so security comes off your to-do list and resides with us. It’s as simple as that.
