Cybersecurity BEC

Email is a crucial part of our lives, but we must acknowledge the growing danger of cybercrime. One of the most significant threats we face is Business Email Compromise (BEC), which is becoming more prevalent. We must remain vigilant and watch out for BEC attacks to protect our business.

BEC attacks increased by 81% in 2022, and 98% of employees failed to report them. This is unacceptable, and we must take action to protect ourselves and our organizations from these malicious attacks.

Business Email Compromise Jumped 81% Last Year! Learn How to Fight It

What is Business Email Compromise (BEC)?

Business Email Compromise (BEC) is a scam that targets businesses and individuals who perform wire transfer payments.

Scammers use fraudulent emails to pose as high-level executives or business partners and request payments or fund transfers. The FBI reports that these scams cost businesses around $1.8 billion in 2020, which increased to $2.4 billion in 2021. It is crucial to remain vigilant, careful, and informed about the most recent BEC tactics by training your teams to prevent losses from BEC scams, both financially and reputation-wise.

How Does BEC Work?

Cybercriminals who engage in Business Email Compromise (BEC) attacks are highly skilled and sophisticated, making it challenging to detect their schemes.

They conduct extensive research on the target organization and its staff, gathering information on the company’s suppliers, customers, operations, and business partners, which can be easily obtained from websites like LinkedIn, Facebook, or the organization’s website.

Once they have enough information, they craft a persuasive email that appears to be from a high-ranking executive or business partner. The email typically requests the recipient to urgently transfer funds or make a payment for a confidential matter, such as a new business opportunity, vendor payment, or foreign tax payment.

These emails create a sense of urgency and may use social engineering tactics, like posing as a trusted contact or creating a fake website that resembles the company’s site, to make the email appear legitimate. If the recipient falls for the scam and makes the payment, the attacker will steal the funds, leaving the victim with financial losses.

 

The following is a step-by-step list of actions that most scammers will follow.

  1. Conduct research on the target organization and its employees.
  2. Gather information about their operations, suppliers, customers, and business partners.
  3. Create a convincing email, often appearing to be from a high-level executive or business partner.
  4. Request an urgent and confidential payment or fund transfer, such as for a new business opportunity, vendor payment, or foreign tax payment.
  5. Create a sense of urgency and use social engineering tactics, like posing as a trusted contact or creating a fake website that mimics the company’s site, to make it seem more legitimate.
  6. Wait for the recipient to fall for the scam and make the payment.
  7. Take off with the funds, leaving the victim with financial losses.

How to Fight Business Email Compromise

BEC scams are difficult to prevent. Businesses and individuals can minimize or even eliminate the risk of falling victim to them by implementing the following tips and proper corporate training.

 

  1. Continuously Educate Employees
  2. Enable Email Authentication
  3. Create a Payment Verification Process
  4. Check Financial Transactions
  5. Create a Response Plan
  6. Implement Anti-phishing Software

Continuously Educate Employees

Organizations should train employees to identify and avoid Business Email Compromise scams. This includes educating them on common tactics used by scammers and email account security measures.

 

  • Checking the sent folder for strange messages
  • Using a strong email password with at least 12 characters
  • Changing passwords regularly
  • Having a secure way to store passwords
  • Notifying the IT team of any suspicious message

Enable Email Authentication

Organizations should implement email authentication protocols, including:

  • Domain-based Message Authentication, Reporting, and Conformance (DMARC)
  • Sender Policy Framework (SPF)
  • DomainKeys Identified Mail (DKIM)

These protocols help verify the authenticity of the sender’s email address. They also reduce the risk of email spoofing. Another benefit is to keep your emails from ending up in junk mail folders.

Contact us if you need help setting up Email authentication.

Create a Payment Verification Process

Companies should utilize payment verification methods like two-factor authentication and confirmation from multiple parties to enhance security. By doing so, they can ensure that all wire transfer requests are genuine. Having more than one person approve a financial payment request for added protection is advisable.

Check Financial Transactions

Companies should utilize payment verification methods like two-factor authentication and confirmation from multiple parties to enhance security. By doing so, they can ensure that all wire transfer requests are genuine. Having more than one person approve a financial payment request for added protection is advisable.

Create a Response Plan

Organizations need to have a plan in place to respond to BEC incidents. This should include clear procedures for reporting the incident, freezing any transfers, and informing law enforcement.

Implement Anti-phishing Software

To prevent fraudulent emails, both businesses and individuals can utilize anti-phishing software. These tools become even more effective as AI and machine learning become more widely used. However, companies must remain vigilant against the increasing use of AI in phishing technology and take necessary steps to protect themselves.

Need Help with Email Security Solutions?

Protect your business emails from unauthorized access and prevent the loss of money from your account. Contact NCP now to learn more about our email security solutions.

Article used with permission from The Technology Press.

You might also like

Proactive Monitoring and Maintenance

Keep your business running & protected from external threats

~

Backup and Disaster Recovery

Recover & protect critical data from unexpected tragedies

Remote Employee Configuration And Monitoring

Secure your remote employee’s network access

Managed Antivirus and Malware Protection

Protect your business from sophisticated cyber attacks

Security Assessment and Training

Analyze your security posture & train employees to defend against the latest threats

Help Desk Access

Solve all your technical issues with a friendly & reliable helpdesk

Remote Setup and Monitoring

Protect remote workers with proper employee configuration

Network Management

Boost your productivity with efficient network management

Proactive Monitoring and Maintenance

Avoid downtime and fix issues as they arise

~

Backup and Disaster Recovery

Keep your business up & running throughout unforeseen events

Construction & Engineering

Manufacturing & Wholesalers

Architecture Firms

CPA & Accounting Firms

Dental Offices

Small Business

Hospitality

Nonprofit

Legal