Business Email Compromise - How to Protect Your Company

What is Business Email Compromise (BEC)?

Business Email Compromise (BEC) is a sophisticated cybercrime tactic where attackers impersonate legitimate individuals within a company, most often executives or vendors, to trick employees into sending money or sensitive data. These scams are highly targeted and rely on social engineering techniques to exploit human trust and urgency.

Why is BEC so Dangerous?

BEC scams are particularly dangerous because they leverage familiarity and trust within a company. Unlike traditional spam emails with glaring red flags, BEC emails often appear to come from known senders, with carefully crafted subject lines and email addresses that closely resemble legitimate contacts.

Common BEC Scams:

  • CEO Fraud: Attackers impersonate the CEO or another high-level executive and instruct an employee to urgently wire funds to a specific account, often for a fictitious purpose such as a confidential acquisition.

  • Accounts Payable Spoofing: Scammers pose as a vendor and send emails requesting a change in payment instructions, diverting funds to a fraudulent account.

  • W-2 Email Phishing: Attackers target human resources personnel, requesting employee W-2 forms or other sensitive tax information under the guise of legitimate business needs.

How to Protect Your Business from BEC Attacks:

  • Employee Training: Regular cybersecurity awareness training is crucial. Educate employees on BEC tactics, red flags to watch for, and proper procedures for verifying requests, especially those involving money transfers or data sharing.

  • Multi-Factor Authentication (MFA): Enforce MFA for all company email accounts and other sensitive systems. MFA adds an extra layer of security, requiring a secondary verification step beyond just a username and password.

  • Email Authentication Protocols: Implement email authentication protocols like DKIM, SPF, and DMARC. These protocols let receiving mail servers verify that a message claiming to come from your domain was actually sent by you, and a DMARC policy of quarantine or reject tells them to block messages that fail. Note that they do not stop messages sent from lookalike domains the attacker registered, so they complement, rather than replace, the verification procedures below.

  • Segregation of Duties: Establish clear separation of duties within your financial processes. No single employee should have complete control over initiating or approving payments.

  • Verification Procedures: Always double-check requests, especially those involving urgent wire transfers or changes in payment instructions. Verify directly with the sender through a trusted communication channel, such as a phone call to a number already on file rather than one given in the email, before proceeding.

  • Secure Email Solutions: Consider investing in secure email solutions with advanced spam filtering, phishing detection, and suspicious attachment scanning capabilities.

  • Reporting and Monitoring: Encourage employees to report any suspicious emails to the IT security team. Regularly monitor email logs for unusual activity or unauthorized access attempts.
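As an added example (not part of the original article), the following Python script shows how the authentication and monitoring points above can be turned into a simple check: it reads the policy out of a DMARC record, flags sender domains that mimic a trusted domain through a typo or look-alike characters, and runs those checks together with a Reply-To mismatch test over a constructed CEO-fraud style message. The trusted-domain list, the homoglyph table and the sample message are assumptions made for the example.

```python
import email
from email.utils import parseaddr

# Constructed allow-list of the company's own and its vendors' domains (example assumption).
TRUSTED_DOMAINS = {"example.com", "acme-supplier.com"}
HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "1": "l"}  # substitutions used to mimic a trusted domain

def dmarc_policy(txt):
    """Return the p= policy ('none', 'quarantine', 'reject') of a DMARC TXT record, else None."""
    tags = dict(kv.split("=", 1) for kv in txt.replace(" ", "").split(";") if "=" in kv)
    if tags.get("v", "").upper() != "DMARC1":
        return None
    return tags.get("p", "none").lower()  # a record without p= gives receivers no enforcement

def one_edit_apart(a, b):
    """True if b differs from a by exactly one substitution, insertion or deletion."""
    if len(a) == len(b):
        return sum(x != y for x, y in zip(a, b)) == 1
    short, long = sorted((a, b), key=len)
    return len(long) == len(short) + 1 and any(long[:i] + long[i + 1:] == short for i in range(len(long)))

def is_lookalike(domain):
    """Flag a domain that mimics a trusted one via homoglyphs or a single typo."""
    d = domain.lower()
    if d in TRUSTED_DOMAINS:
        return False
    for glyph, real in HOMOGLYPHS.items():
        d = d.replace(glyph, real)
    return d in TRUSTED_DOMAINS or any(one_edit_apart(d, t) for t in TRUSTED_DOMAINS)

def bec_findings(raw_message):
    """Return the BEC red flags found in the headers of a raw RFC 5322 message."""
    msg = email.message_from_string(raw_message)
    from_addr = parseaddr(msg.get("From", ""))[1]
    reply_addr = parseaddr(msg.get("Reply-To", from_addr))[1]
    from_dom, reply_dom = (a.rpartition("@")[2].lower() for a in (from_addr, reply_addr))
    findings = []
    if is_lookalike(from_dom):
        findings.append("lookalike sender domain: " + from_dom)
    if reply_dom and reply_dom != from_dom:
        findings.append("Reply-To domain differs from From: " + reply_dom)
    if "dmarc=pass" not in msg.get("Authentication-Results", "").lower():
        findings.append("no DMARC pass in Authentication-Results")
    return findings

# Constructed sample: a CEO-fraud style message using a homoglyph domain and an outside Reply-To.
SAMPLE = """From: "Jane Doe, CEO" <jane.doe@exarnple.com>
Reply-To: jane.doe.ceo@mail.example.net
Authentication-Results: mx.example.com; spf=pass; dkim=none; dmarc=fail"""
```

Running `bec_findings(SAMPLE)` reports all three red flags for the sample, while a message from a trusted domain with `dmarc=pass` and no foreign Reply-To produces an empty list.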

What to Do If Your Business is Targeted by a BEC Attack:

If you suspect a BEC attack is underway, take immediate action:

  • Stop the Transaction: If a fraudulent payment is being processed, contact your bank or financial institution as soon as possible to try to halt or recall the transfer.

  • Secure Your Systems: Change passwords and revoke active sessions for any compromised accounts, check those mailboxes for forwarding or inbox rules the attacker may have added, and implement additional security measures to prevent further breaches.

  • Report the Attack: File a complaint with the FBI's Internet Crime Complaint Center (IC3) to help law enforcement track and apprehend cybercriminals.

Conclusion:

Business Email Compromise scams are a serious threat, but by following these preventative measures and fostering a culture of cybersecurity awareness within your company, you can significantly reduce your risk of falling victim. Remember, vigilance and a proactive approach are key to safeguarding your business from financial losses and reputational damage caused by BEC attacks.

Don't wait until it's too late! Take action today to protect your business from BEC scams.
