Today, cybercriminals are devising new strategies and increasingly complex tactics to succeed in their malicious intentions. Every other day, we hear about a new cybercrime that sends business owners all around the world into a state of frenzy.
Every business, whether big or small, uses email as its primary medium of conversation. From vendors to customers, most companies usually use email to converse with all concerned parties. This makes email a favorite target of cybercriminals.
From phishing to spoofing, modern-day businesses are battling several email attacks all at once. Business Email Compromise (BEC) is another email threat that is becoming all too common these days.
Business Email Compromise is a tactic that scammers leverage to defraud businesses and harm them financially. Over the years, BEC has become one of the most severe and financially damaging cyber crimes.
So, what exactly is BEC and how can you protect your business from falling victim to it? We are going to tell you everything about it and more. Keep reading!
What Exactly is Business Email Compromise (BEC)?
Business Email Compromise is also called Email Account Compromise (EAC). The FBI defines BEC as “scams where criminals send an email message that appears to come from a known source making a legitimate request.”
Simply put, Business Email Compromise or BEC is an online crime where the cybercriminal impersonates a trusted person or source of the victim like a vendor, senior employee, or a manager. They then send emails to the victim and try to trick them into making payments to a fraudulent bank account. These emails come from a very genuine-looking email address and thus, the victim never questions their credibility.
For example, an attacker may impersonate a vendor the victim’s company deals with regularly. The attacker can say that the last payment made by them didn’t go through and request them to resubmit the invoice payment.
The email would be crafted with near perfection. This implies that the victim would be able to see the real vendor’s name in the email header along with all the other relevant information. They would have no reason to doubt the request. Thus, they would end up making the payment that would eventually go into the scammer’s bank account.
Research suggests that almost 65% of organizations globally suffered from BEC in 2020. This is extremely alarming – not only for businesses but individuals as well. Each of us continues to depend on email for most of our professional conversations. Thus, it is important to always stay vigilant when navigating email.
Common Types of BEC Attacks
There are several ways in which scammers can try to defraud you through email. Here are the most common types of BEC attacks that you should be aware of.
In this type of attack, the scammer impersonates the CEO or a senior executive of a company to deceive the victim. The attacker usually targets the employees of the finance department and asks them to make payments to their account, make some expensive purchases, etc.
Vendor Email Compromise
Here, the scammers impersonate a trusted vendor or supplier of the victim. They then send a bogus invoice to the victim and request payments into a fraudulent bank account.
This is one of the sneakiest types of BEC attacks. Here, the attacker doesn’t make any money-related requests. Instead, they try to obtain sensitive information about the company’s high-profile executives.
The HR account is the main target of data theft attacks. The scammer tricks HR into revealing information about the CEO, senior managers, high-profile clients, and others. They then use this information to craft fake emails and carry out BEC attacks.
How Can You Protect Yourself Against Business Email Compromise?
While you may think you’d be able to spot a suspicious email when you receive one, it is not as easy as it sounds. BEC attacks are quite difficult to prevent. This is because the attacker doesn’t use malware or viruses to infect your system. Instead, they leverage social engineering techniques to impersonate a trusted source to deceive you.
Professional scammers have become so good at what they do that even well-informed people who know about cyber threats fail to spot them in real life. This is the reason why losses from BEC attacks reached a whopping $1.7 billion in 2019.
But this doesn’t mean you can’t do anything to protect yourself from compromising your business email. You certainly can, and we are going to tell you how.
Avoid Sharing Too Much About Yourself Online
As a business owner, you should always be extra cautious about what kind of personal information you share online. This is because anyone can use this information to impersonate you and deceive your employees through spam and fake emails.
Moreover, avoid sharing your information like your birthday, pet’s name, names of friends or family members, and other private information online. Scammers can use such information to guess your passwords and take control of your email account.
Multi-Factor Authentication Can Be Your Savior
Another excellent way to protect your business email from getting compromised is by enabling two-factor authentication or multi-factor authentication on your accounts. This provides an additional layer of security to your data. MFA makes it difficult for the attacker to access your accounts even if they have guessed your password.
Invest in a Good Email Security Gateway
High-quality email security solutions take your email security several notches higher. They do a fantastic job of identifying spam, suspicious emails, phishing attacks like BEC, and email spoofing. A top-notch email security solution is worth every penny that you’d have to spend on it.
Pay Close Attention to the Sender’s Email Address, URL, and Other Information
Most of us don’t pay much attention to the email address and URL of the sender. Scammers use this to their advantage. They trick you by sending emails from a slightly different email address that would be too difficult to notice.
Therefore, you must always pay special attention to the spelling of the sender’s email address, check the URL, and examine other crucial information used in the correspondence. If any of the information doesn’t match your actual client’s details, do not trust that email.
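The sender check described above can be partly automated at the mail gateway or in a triage script. The following is an added example, not part of the original article: the vendor name, domains, sample messages and finding labels are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed allow-list: display name -> domain the real vendor mails from.
KNOWN_SENDERS = {"acme supplies": "acme-supplies.example"}

# Constructed sample messages (headers only matter here).
GENUINE = "From: Acme Supplies <billing@acme-supplies.example>\nSubject: Invoice\n\nHi\n"
SPOOFED = ("From: Acme Supplies <billing@acme-suppiies.example>\n"
           "Reply-To: accounts@mailbox.example\nSubject: Resubmit payment\n\nHi\n")

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def domain_of(addr):
    return addr.rpartition("@")[2].lower().rstrip(".")

def check_sender(raw_message):
    """Return a list of findings for one message, based on its headers."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = domain_of(addr)
    findings = []
    # A known display name on an address outside that vendor's domain.
    expected = KNOWN_SENDERS.get(name.strip().lower())
    if expected and domain != expected:
        findings.append("display-name-mismatch")
    # A domain one or two characters away from a known vendor domain.
    for known in KNOWN_SENDERS.values():
        if domain != known and 0 < edit_distance(domain, known) <= 2:
            findings.append("lookalike-domain")
            break
    # Replies routed to a different domain than the visible sender.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != domain:
        findings.append("reply-to-differs")
    return findings
```

An empty result does not prove a message is genuine, since a request sent from a vendor's real but compromised mailbox passes all three checks.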
Personally Verify Every Payment and Purchase Request
Whenever you receive a payment or purchase request via email, make sure to always verify it in person or by phone. Doing so will help you verify its credibility and ensure that you are not being tricked by some scammer.
This is especially important when the email’s sender requests you to make a payment to a different bank account or follow a new payment process.
Train Your Employees
Training your employees about email safety practices is vital in your war against BEC. Make sure that your employees know how to recognize spam, phishing, or fraudulent email and take the necessary actions against them.
Encourage your employees to always ask for clarification if they are doubtful of a payment request before authorizing these transactions. Moreover, ask them to never download anything or click on any link that came from an unsolicited email address. They must always report and delete such emails.
The Bottom Line
Email is an incredibly useful communication medium for businesses and individuals alike. We cannot even imagine our lives without it. Thus, while being a lifesaver, email also continues to be one of the most preferred ways for cybercriminals to carry out their malicious schemes.
It is extremely important to leverage every fraud prevention practice to guard your safety and that of your organization. Make sure to use the above-mentioned BEC prevention techniques, stay vigilant, and analyze every email with a critical eye. Don’t put your finances or data at risk. Take steps to protect yourself and your organization today.
Tech Masters helps business owners protect their data and finances with top-notch, comprehensive security solutions, individually tailored to meet your organization’s unique needs. Contact us today to learn more and to get your free business IT assessment.
For more information about protecting your business email, check out our frequently asked questions and answers below.
How do I protect my business email?
Here are some tips to keep you and your business safe.
- Use a unique and difficult password
- Enable multi-factor authentication on your email account
- Never click or download any attachment that came from a suspicious email address
- Turn off the automatic forwarding feature to external email addresses
- Trust your intuition. If something with an email seems off or unusual to you, it’s better to take the long route and investigate it. Taking a risk in such matters isn’t worth it.
Is BEC a form of phishing?
Yes, BEC or Business Email Compromise is a form of phishing. It is a type of email phishing attack where the scammer impersonates a credible source of the target user and tricks them into giving away sensitive information or making payments to them.
What makes an email suspicious?
Here are some major telltale signs of a suspicious email:
- Spelling and grammar mistakes in the email address, domain name, etc.
- A poorly written email with errors, misspellings and awkward language and syntax.
- Unusual greeting and tone.
- Payment requests possessing an unusually short deadline.
- Presence of suspicious attachments and links.