Business Email Compromise (BEC) is a type of cyber attack in which someone targets a business to defraud it. Usually, attackers either steal email credentials or create an email address that imitates a company the target deals with (for example, a supplier or a client) and ask for a money transfer. These scams have many purposes, such as demanding wire transfers, acquiring sensitive information, or simply hacking systems.
These attacks can be devastating to any company. In recent years, there has been an upward trend in the frequency of these attacks. In 2021 alone, the FBI reported nearly 20,000 BEC complaints, with corresponding losses of almost $2.4 billion.
Types of BEC scams
The FBI divides BEC scams into five types:
Data Theft: Attackers target HR employees to acquire sensitive data about people within the company, such as the CEO or other top-level employees. For instance, the information obtained can be used in future attacks, such as demanding payment to give the information back (extortion).
Attorney Impersonation: In this type of cyber attack, the scammer will email the CEO or high-level management employees. They will identify as an attorney dealing with sensitive or time-urgent matters. The attacker will ask for funds to be transferred immediately. This is usually performed at the end of the week when people are more prone to fatigue and panic.
CEO Fraud: Scammers will pose as high-level executives such as the CFO, CEO, or CTO and send an email to the financial department demanding wire transfers to a fraudulent account they control.
Account Compromise: After hacking into an employee’s email account, attackers will send emails to vendors present in the contact list demanding wire transfers to accounts controlled by them.
False Invoice Scheme: In this type of BEC scam, the scammer poses as a legitimate vendor with whom your business works. They demand payment for a future invoice, often sending a fake bill that resembles the real one.
Tips to prevent BEC scams
Perform awareness-raising campaigns: The more informed your employees, the more you can prevent BEC scams. Routinely perform security checks on BEC knowledge to avoid unpleasant surprises.
Set up multifactor authentication: This is an essential practice that every company should adopt. It makes it harder for attackers to spoof or hack your email.
Use email authentication tools: You can use email authentication to make it harder for spammers to spoof your emails. Some examples include DomainKeys Identified Mail (DKIM), Sender Policy Framework (SPF), and Domain-based Message Authentication, Reporting and Conformance (DMARC).
If you are a victim of a BEC scam, start by assessing the level of data and sensitive information exposure. You should always allow professionals to take over from here and contact SkyRiver IT’s managed IT services. With experienced engineers, we can help you solve major issues and restore your security.
BEC scams have been an increasing phenomenon in recent years. They come with very severe consequences not only in terms of money but also in terms of information and sensitive data that can be compromised.
We at Skyriver IT can provide expert help and get you out of trouble. We provide multiple tech solutions such as L1, L2 and L3 support, 24x7 help desk, remote management, and onsite technical assistance. If you have any questions, feel free to contact us!