Business Email Compromise Jumped 81%!
Electronic mail (email for short) rose to an essential part of our daily lives quite a while ago. Many people use it for a variety of purposes, including business transactions. With this increasing dependence on digital technology, cybercrime has grown. One of the significant cyber threats facing businesses today is Business Email Compromise (BEC).
Why must we pay particular attention to BEC attacks? Because they’re rising. BEC attacks jumped 81% in 2022, and up to 98% of employees fail to report the threat.
What is Business Email Compromise (BEC)?
Business Email Compromise (BEC) represents a type of scam in which criminals use email fraud to target victims. These victims include both businesses and individual users. Would-be criminals especially target those who perform wire transfer payments.
The scammer poses as a high-level executive or business partner. Scammers send emails to employees, customers, or vendors. These emails request them to make payments or transfer funds in some form.
According to the FBI, BEC scams cost businesses around $1.8 billion in 2020. That figure increased to $2.4 billion in 2021. These scams can cause severe financial damage to businesses and individuals. They can also harm their reputations.
How Does BEC Work?
BEC attacks are usually well-crafted and sophisticated, making it difficult to identify them. The attacker first researches the target organization and its employees. They gain knowledge about the company’s operations, suppliers, customers, and business partners.
This information is often freely available online. Scammers can find it on sites like LinkedIn, Facebook, and organizations’ websites. Once the attacker has enough information, they can write a convincing email designed to appear to come from a high-level executive or a business partner.
The email requests the recipient to make a payment or transfer funds. The request comes across as an “urgent and confidential matter!” Examples include a new business opportunity, a vendor payment, or a foreign tax payment.
The email works at creating a sense of urgency, compelling the recipient to act quickly. The attacker will probably also use social engineering tactics, such as posing as a trusted contact or creating a fake website that mimics the company’s site. These tactics make the email seem more legitimate.
If the recipient falls for the scam and makes the payment, the attacker will make off with the funds. Of course, this leaves the victim with financial losses.
How to Fight Business Email Compromise
BEC scams can be challenging to prevent. That being said, there are measures businesses and individuals can take to cut the risk of falling victim to them.
Educate Employees
Organizations must educate their employees about the risks of BEC. Education includes providing training on how to identify and avoid these scams. Just shut them down. Employees must remain aware of the tactics used by scammers. For example, urgent requests, social engineering, and fake websites offer traps.
Training should also include email account security, including:
- Checking their sent folder regularly for any strange messages
- Using a strong email password with at least 12 characters
- Changing their email password regularly
- Storing their email password in a secure manner
- Notifying an IT contact if they suspect a phishing email
Enable Email Authentication
Organizations must implement email authentication protocols.
This includes:
- Domain-based Message Authentication, Reporting, and Conformance (DMARC)
- Sender Policy Framework (SPF)
- DomainKeys Identified Mail (DKIM)
These protocols assist in verifying the authenticity of the sender’s email address. Protocols also reduce the risk of email spoofing, which is where a hacker can steal a real email address. Another benefit of these protocols is to keep your emails from ending up in junk mail folders.
Deploy a Payment Verification Processes
Organizations should deploy payment verification processes, such as two-factor authentication. Another useful protocol is confirmation from multiple parties. These protocols ensure that all wire transfer requests are legitimate. It’s always better to have more than one person verify a financial payment request.
Check Financial Transactions
Organizations must check all financial transactions. Search out irregularities, such as unexpected wire transfers or changes in payment instructions.
If the company doesn’t perform these reviews according to a schedule, it is easy for them to get forgotten. Set up a calendar item for the review of financial transactions. Develop a schedule that makes sense for your business and transaction volume.
Establish a Response Plan
Organizations should establish an immediate response plan for BEC incidents. This plan includes procedures for reporting the incident, in addition to freezing the transfer and notifying law enforcement.
Use Anti-phishing Software
Businesses and individuals should use anti-phishing software to detect and block fraudulent emails. As AI and machine learning gain widespread use, these tools become more effective.
The use of AI in phishing and anti-phishing technology continues to increase. It’s all a part of the cyber arms race. Businesses must be vigilant and take steps to protect themselves, since they’re on the front lines.
Why Is This Published By A Business Phone Company?
Here at NoContractVoIP, we believe that your success creates our success. And, since we specialize in business communication, we work to help you communicate better while staying safe. We create the cutting edge communication systems that modern companies need. And we geek out on tech stuff, so we study it for you.
To talk to a business phone system specialist and never worry about any of this again, call 866-550-0005 or contact us today.
To get the latest helpful content delivered to your inbox every month, subscribe to our newsletter here.