Cybersecurity BEC
Email is a crucial part of our lives, but we must acknowledge the growing danger of cybercrime. One of the most significant threats we face is Business Email Compromise (BEC), which is becoming more prevalent. We must remain vigilant and watch out for BEC attacks to protect our business.
BEC attacks increased by 81% in 2022, and 98% of employees failed to report them. This is unacceptable, and we must take action to protect ourselves and our organizations from these malicious attacks.
Business Email Compromise Jumped 81% Last Year! Learn How to Fight It
Business Email Compromise Prevention
What is Business Email Compromise (BEC)?
Business Email Compromise (BEC) is a scam that targets businesses and individuals who perform wire transfer payments.
Scammers use fraudulent emails to pose as high-level executives or business partners and request payments or fund transfers. The FBI reports that these scams cost businesses around $1.8 billion in 2020, which increased to $2.4 billion in 2021. Staying vigilant and informed about the most recent BEC tactics, and training your teams on them, is crucial to preventing both the financial and the reputational losses these scams cause.
How Does BEC Work?
Cybercriminals who engage in Business Email Compromise (BEC) attacks are highly skilled and sophisticated, making it challenging to detect their schemes.
They conduct extensive research on the target organization and its staff, gathering information on the company’s suppliers, customers, operations, and business partners, which can be easily obtained from websites like LinkedIn, Facebook, or the organization’s website.
Once they have enough information, they craft a persuasive email that appears to be from a high-ranking executive or business partner. The email typically requests the recipient to urgently transfer funds or make a payment for a confidential matter, such as a new business opportunity, vendor payment, or foreign tax payment.
These emails create a sense of urgency and may use social engineering tactics, like posing as a trusted contact or creating a fake website that resembles the company’s site, to make the email appear legitimate. If the recipient falls for the scam and makes the payment, the attacker will steal the funds, leaving the victim with financial losses.
The following is a step-by-step list of actions that most scammers will follow.
- Conduct research on the target organization and its employees.
- Gather information about their operations, suppliers, customers, and business partners.
- Create a convincing email, often appearing to be from a high-level executive or business partner.
- Request an urgent and confidential payment or fund transfer, such as for a new business opportunity, vendor payment, or foreign tax payment.
- Create a sense of urgency and use social engineering tactics, like posing as a trusted contact or creating a fake website that mimics the company’s site, to make it seem more legitimate.
- Wait for the recipient to fall for the scam and make the payment.
- Take off with the funds, leaving the victim with financial losses.
How to Fight Business Email Compromise
BEC scams are difficult to prevent, but businesses and individuals can minimize or even eliminate the risk of falling victim to them by implementing the following tips and proper corporate training.
Continuously Educate Employees
Organizations should train employees to identify and avoid Business Email Compromise scams. This includes educating them on the common tactics scammers use and on email account security measures such as:
- Checking the sent folder for strange messages
- Using a strong email password with at least 12 characters
- Changing passwords regularly
- Having a secure way to store passwords
- Notifying the IT team of any suspicious message
Enable Email Authentication
Organizations should implement email authentication protocols, including:
- Domain-based Message Authentication, Reporting, and Conformance (DMARC)
- Sender Policy Framework (SPF)
- DomainKeys Identified Mail (DKIM)
These protocols help verify the authenticity of the sender’s email address and reduce the risk of email spoofing. Another benefit is that they help keep your own emails from ending up in junk mail folders.
Contact us if you need help setting up email authentication.
Create a Payment Verification Process
Companies should use payment verification methods like two-factor authentication and confirmation from multiple parties to enhance security. By doing so, they can ensure that all wire transfer requests are genuine. For added protection, it is advisable to have more than one person approve each financial payment request.
Check Financial Transactions
Companies should utilize payment verification methods like two-factor authentication and confirmation from multiple parties to enhance security. By doing so, they can ensure that all wire transfer requests are genuine. Having more than one person approve a financial payment request for added protection is advisable.
Create a Response Plan
Organizations need to have a plan in place to respond to BEC incidents. This should include clear procedures for reporting the incident, freezing any transfers, and informing law enforcement.
Implement Anti-phishing Software
To prevent fraudulent emails, both businesses and individuals can utilize anti-phishing software. These tools become even more effective as AI and machine learning become more widely used. However, companies must remain vigilant against the increasing use of AI in phishing technology and take necessary steps to protect themselves.
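The tactics described earlier (an executive's name on an outside address, urgency, confidentiality, a payment request) leave traces that a mail filter can score. The following added example (not part of the original article, and not any vendor's product logic) checks a message for those traces; the company domain, executive names, keyword list and both sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"             # assumption: the organization's own domain
EXECUTIVES = {"dana reyes", "sam okafor"}  # assumption: names likely to be impersonated
PRESSURE_WORDS = ("urgent", "confidential", "wire transfer", "payment")

def bec_indicators(raw_message):
    """Return the BEC warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    reply_domain = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    text = (msg.get("Subject", "") + " " + msg.get_payload()).lower()
    hits = []
    if name.lower() in EXECUTIVES and from_domain != COMPANY_DOMAIN:
        hits.append("executive display name on external address")
    if reply_domain and reply_domain != from_domain:
        hits.append("Reply-To domain differs from From domain")
    if "dmarc=fail" in msg.get("Authentication-Results", "").lower():
        hits.append("DMARC failed at the receiving server")
    words = [w for w in PRESSURE_WORDS if w in text]
    if len(words) >= 2:  # one keyword alone is normal business mail
        hits.append("urgent payment language: " + ", ".join(words))
    return hits

# Constructed sample messages (single-part, plain text).
SUSPICIOUS = """\
From: "Dana Reyes" <dana.reyes@example-corp.test>
Reply-To: dana.reyes@mailbox.test
To: ap@example.com
Subject: Urgent vendor payment
Authentication-Results: mx.example.com; dmarc=fail header.from=example-corp.test

Please process this wire transfer today. Keep it confidential until the deal closes.
"""
BENIGN = """\
From: "Sam Okafor" <sam.okafor@example.com>
To: ap@example.com
Subject: Q3 invoice schedule
Authentication-Results: mx.example.com; dmarc=pass header.from=example.com

The payment run for approved invoices is on the 15th as usual.
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, bec_indicators(raw) or "no indicators")
```

A message that trips several of these checks is a candidate for the out-of-band payment verification described above, not proof of fraud on its own.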
Need Help with Email Security Solutions?
Protect your business emails from unauthorized access and prevent the loss of money from your account. Contact NCP now to learn more about our email security solutions.
Article used with permission from The Technology Press.