According to the latest figures from the FBI, Business Email Compromise (BEC) schemes have resulted in at least $3.1 billion in losses to approximately 22,000 enterprises in 79 countries over the past two years. A BEC is generally a low-cost, low-risk scam carried out by hackers. It typically has a high rate of return for online criminals, who compromise legitimate business email accounts through social engineering or computer intrusion techniques and then conduct unauthorized transfers of funds.
BECs will remain a prominent threat and will continue to be used in targeted scams. The victims of BEC attacks range from small businesses to large corporations. Cyber criminals most commonly target the CFO or members of the Financial Department; however, everyone in the organization should be aware of the dangers. Organizations that utilize robust prevention techniques have proven highly successful in recognizing and deflecting BEC attempts. Here’s how:
- Establish a practice with your bank that requires phone verification for money transfers as a part of the two-factor authentication process. In addition, use a secondary signoff from your organization to ensure the validity of the transfer.
- Educate and train employees to raise their awareness about BECs. Humans are often the weakest link when it comes to cyber security. Incorporate quarterly mock phishing exercises to help your employees identify these emails.
- Carefully scrutinize all emails. Look at the sender’s domain name, any links contained in the body, and the email subject line. Scammers will often use variations of common email addresses, links infected with malware, and urgent email subjects to prey on unsuspecting individuals.
- Instead of replying to the email, use the forward option and type the email address into the address bar yourself, so that you are using the correct email address from your address book.
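The scrutiny step above (sender domain, links in the body, subject line) can be partly automated. The following is an added example, not code from the original article; the trusted domains, the urgency word list and the sample message are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed values for this example: replace with your organization's own.
TRUSTED_DOMAINS = {"acme-corp.example", "acme-bank.example"}
URGENT_WORDS = ("urgent", "immediately", "wire transfer", "asap")
# Constructed sample message (not real traffic).
SAMPLE = ("From: CFO <cfo@acme-c0rp.example>\n"
          "Subject: URGENT wire transfer needed today\n"
          "\nPlease use https://acme-bnak.example/pay to send the funds.\n")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain, trusted=TRUSTED_DOMAINS, max_dist=2):
    """Return the trusted domain this one imitates, or None if exact or unrelated."""
    domain = domain.lower().rstrip(".")
    if domain in trusted:
        return None
    return next((g for g in sorted(trusted) if edit_distance(domain, g) <= max_dist), None)

def review_email(raw):
    """Return findings for the sender domain, body links and subject line."""
    msg = message_from_string(raw)
    findings = []
    sender = parseaddr(msg.get("From", ""))[1]
    hosts = {("sender", sender.rpartition("@")[2])}
    body = msg.get_payload() if not msg.is_multipart() else ""
    for url in re.findall(r"https?://[^\s<>\"']+", body):
        hosts.add(("link", urlparse(url).hostname or ""))
    for kind, host in sorted(hosts):
        good = lookalike_of(host)
        if good:
            findings.append(f"{kind} domain {host} resembles {good}")
    subject = (msg.get("Subject") or "").lower()
    if any(word in subject for word in URGENT_WORDS):
        findings.append("subject uses urgent language")
    return findings

if __name__ == "__main__":
    print("\n".join(review_email(SAMPLE)))
```

A message sent from an exact trusted domain passes this check, so it complements rather than replaces the phone verification and secondary signoff described above.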
Businesses with an increased awareness and understanding of BEC scams are more likely to realize when they are targeted and less likely to fall victim to these cyber criminals. If you would like to implement employee training and cyber security safeguards to protect your organization, please CONTACT US.