Email has become an important part of our everyday lives in recent years. Email is used for both personal and business purposes. The growth of digital technology has increased cybercrimes targeting emails. Businesses are at particularly high risk of Business Email Compromise (BEC), where hackers target employees’ business email accounts and impersonate company executives through spoofed emails.
In 2022, the number of victims rose to 81%, and up to 98% of workers do not report the danger.
What is Business Email Compromise (BEC)?
Business Email Compromise (BEC) is a type of scam in which criminals use email fraud to target victims. These victims include both businesses and individuals. The main targets are those who make wire transfer payments.
The scammer will pretend to be a high-level executive or business partner and send emails to workers, clients, and vendors. These emails will request payments or funds using a variety of reasons.
The FBI reports that BEC scams cost businesses $1.8 billion in 2020. That figure increased to $2.4 billion in 2021. These scams can cause serious financial losses to individuals and businesses. They can also damage their reputations.
How Does BEC Work?
BEC attacks are usually well-designed and well-executed, which makes them challenging to identify. The attacker first analyses the target organisation and its employees to learn about the company’s operations, suppliers, customers, and business partners.
Social media sites such as LinkedIn, Facebook and Twitter offer a lot of public information that attackers can use. This information is used to craft emails that convincingly appear to come from a high-level executive or business partner.
The emails will usually request a payment or a fund transfer. They will always convey a sense of urgency to prompt the reader to take immediate action. The sender may also use social engineering techniques to impersonate a reputable contact or mimic a company website.
If the recipient falls for the scam and makes the payment, the attack succeeds and the victim suffers a financial loss.
How to Fight Business Email Compromise
BEC scams can be difficult to avoid. However, individuals and organisations can take measures to prevent falling victim to them.
#1 Educate Employees
Organisations should proactively train all employees on the risks of BEC, including how to identify and steer clear of these scams. Staff need to be aware of the strategies used by scam artists, for example urgent requests, social engineering, and fake websites.
Topics to be covered in the training should include:
- Utilising strong email passwords
- Changing passwords regularly
- Storing passwords securely
- Checking the sent folder for strange messages
- Notifying IT if they suspect a phishing email
#2 Enable Email Authentication
Organisations should implement email authentication protocols such as:
- Domain-based Message Authentication, Reporting, and Conformance (DMARC)
- Sender Policy Framework (SPF)
- DomainKeys Identified Mail (DKIM)
These protocols help verify the authenticity of the sender’s email address and reduce the risk of email spoofing. Another benefit is that they help keep your own email from ending up in junk mail folders.
#3 Deploy a Payment Verification Process
Organisations should implement payment verification processes such as two-factor authentication. They should also require some form of secondary identification for better protection. This makes sure that all wire transfer requests are legitimate. It is always better to have more than one person verify a financial payment request.
#4 Check Financial Transactions
Organisations should check all financial transactions. Keep an eye out for irregularities, such as sudden wire transfers or changes in payment instructions. It is easy to forget to go over them on a schedule, so set up a calendar reminder for reviewing financial paperwork. Use a review strategy that is appropriate for your sales volume and transaction volume.
#5 Establish a Response Plan
Organisations should develop a response plan for BEC incidents. This plan should include procedures for reporting the incident, halting the transfer, and notifying the police.
#6 Use Anti-phishing Software
Businesses and individuals can use anti-phishing software to find and block fraudulent emails. As artificial intelligence and machine learning become more popular, these software programs become more effective. The use of AI (Artificial Intelligence) in phishing technology continues to increase. Businesses must take measures to protect themselves.