Business Email Compromise (BEC) is on the rise. Protect your organization by understanding how cybercriminals pull off BEC scams and strengthening your email security systems.
According to the FBI, business email compromise (BEC) scams have cost organizations over $2 billion in financial losses in the last few years. In 2020 alone, the FBI received 19,369 BEC complaints, and the average loss per victim rose by 29%.
In 2020, BEC incidents rose quarter after quarter, with scams built around payments, billing, and invoices up 155%. But how do BEC scams work, and why have cybercriminals been so successful at pulling them off? Here's what you should know about BEC and how your organization can defend against it.
What is a Business Email Compromise?
Business email compromise (BEC) is closely related to email account compromise (EAC), and the FBI tracks the two together; the difference is that EAC targets an individual's mailbox rather than a company's. In both, the criminal takes advantage of the fact that email is the primary avenue for personal and professional communication, and that a message from a familiar name is rarely questioned.
The BEC scam typically starts with deep research on the victim and the company they work for, paying particular attention to the organization's decision-makers. The criminal looks through publicly available information on the company website, social media, and press releases. Once they've identified a leader in the company, they take over that person's email account, most often by phishing the password or reusing one leaked in an unrelated breach, and send mail as them. Because the messages come from the genuine mailbox, they pass every sender-authentication check, and the criminal can email the victim and other employees with requests such as sending money or sensitive data.
Another technique is to send from a look-alike domain. The criminal registers a name that differs from the real one by a character or two (a transposed letter, a digit in place of a letter, an added hyphen) and counts on the recipient not noticing. A related trick is to put the executive's name or address in the display name while the underlying address is a free webmail account. These are different from true header spoofing, where a message claims to come from the genuine domain; SPF, DKIM, and DMARC exist to block that, but they do nothing against a look-alike domain, because the attacker owns it and can configure those records for it. Believing they've received a trustworthy email, the recipient may carry out what seems to be a legitimate request and end up sending money or confidential data to the scammer.
How to prevent becoming a BEC victim
Pay close attention to financial requests
Any request that involves payments, billing, or a change of bank details should be examined closely before taking any action. Verify such requests in person or by phone, using a number already on file rather than one supplied in the email, since a scammer who wrote the message also chose the callback number in it. Be more suspicious when the sender is pressuring the recipient to act faster than they normally would. According to Statista, the most common keywords used in BEC scams include urgent, request, important, and payment.
Increase employee awareness
Educate employees on BEC scams, especially the research that criminals conduct to identify the right target and compromise email accounts. Because scammers gather their intel by sifting through publicly available resources, employees should be aware of what they post online about their role, their colleagues, and their company's suppliers.
Examine email addresses carefully
Don't fall for look-alike domains: check the sender's full email address, not just the display name, and compare the domain character by character against the one you expect. Keep in mind that if your email security systems are weak, these emails will still reach the inbox, so this check is a backstop for employees, not the primary control.
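The two impersonation tricks described above, look-alike domains and forged display names, can be checked mechanically as well as by eye. The following is an added example written for this article, not code from the original page: it takes the value of a From: header, normalizes the domain so that digit-for-letter and Cyrillic-for-Latin substitutions collapse onto the real name, measures edit distance for typos and added hyphens, and flags display names that show an insider's name or address over an outside account. The trusted domains, the executive names, the homoglyph table, and the sample headers are all constructed for the demonstration.

```python
"""Flag From: headers that impersonate a trusted domain or person.

Added example, not code from the original article. The trusted domains,
the executive names and the sample headers are constructed for the
demonstration; the homoglyph table is a small assumed subset.
"""
import re
import unicodedata
from email.utils import parseaddr

# Assumed: the domains this organization really sends from.
TRUSTED_DOMAINS = {"examplecorp.com", "examplecorp.co.uk"}
# Assumed: people whose names are worth impersonating (CEO, CFO, ...).
EXEC_NAMES = {"jane doe", "sam lee"}

# Substitutions that look alike at a glance. Multi-character keys first,
# then digits and a few Cyrillic letters that render like Latin ones.
HOMOGLYPHS = {
    "rn": "m", "vv": "w", "cl": "d",
    "0": "o", "1": "l", "3": "e", "5": "s", "8": "b",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
}


def skeleton(domain: str) -> str:
    """Collapse a domain onto the plain-ASCII name it is trying to look like."""
    d = unicodedata.normalize("NFKD", domain.lower())
    d = "".join(ch for ch in d if not unicodedata.combining(ch))
    for src, dst in sorted(HOMOGLYPHS.items(), key=lambda kv: -len(kv[0])):
        d = d.replace(src, dst)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: catches one-character typos and added hyphens."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str):
    """Return (verdict, detail) for the value of a From: header.

    Verdicts: trusted, lookalike, display-name spoof, external, malformed.
    """
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return "malformed", from_header
    domain = addr.rsplit("@", 1)[1].lower()
    if domain in TRUSTED_DOMAINS:
        return "trusted", domain
    for trusted in TRUSTED_DOMAINS:
        if skeleton(domain) == skeleton(trusted):
            return "lookalike", f"{domain} renders like {trusted}"
        if edit_distance(domain, trusted) <= 2:
            return "lookalike", f"{domain} is within 2 edits of {trusted}"
    # Display-name impersonation: the name shows an insider, the address does not.
    name = display.strip().lower()
    m = re.search(r"[\w.+-]+@([\w.-]+)", name)
    if (m and m.group(1) in TRUSTED_DOMAINS) or name in EXEC_NAMES:
        return "display-name spoof", f"display name {display!r} but address is {addr}"
    return "external", domain


# Constructed sample headers. The Cyrillic one is shown as a mail client
# would render it after IDNA decoding; on the wire it would be an xn-- name.
SAMPLE_HEADERS = [
    "Jane Doe <jane.doe@examplecorp.com>",
    "Jane Doe <jane.doe@exarnplecorp.com>",
    "Jane Doe <jane.doe@examp1ecorp.com>",
    "Jane Doe <jane.doe@example-corp.com>",
    "Jane Doe <jane.doe@ex\u0430mplecorp.com>",
    '"jane.doe@examplecorp.com" <ceo.office.4471@gmail.com>',
    "Jane Doe <ceo.office.4471@gmail.com>",
    "Vendor Billing <ap@vendor-invoices.example>",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        verdict, detail = classify_sender(header)
        print(f"{verdict:20} {detail}")
```

The edit-distance threshold of 2 is generous on purpose; for short trusted domains it will flag legitimate neighbours, so tune it per domain or restrict it to the registrable label. Note also that a match on "lookalike" says nothing about whether the domain is actually malicious, only that a human is unlikely to tell it apart from yours, which is exactly the condition the attacker is counting on.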
Strengthen email security systems
A robust email security system protects your organization on two fronts. It keeps scammers out of your own accounts, which in practice means enforcing multi-factor authentication on email logins, since most account takeovers start with a phished or reused password, and it stops fraudulent mail before it reaches employees. These platforms should use up-to-date mechanisms to stay ahead of the latest email threats, such as anti-fraud analysis, data loss prevention (DLP), anti-spoofing controls (SPF, DKIM, and an enforcing DMARC policy for the domains you own), and sandbox-based malware analysis.
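The anti-spoofing controls named above are only as good as the DNS records behind them, and a common gap is a DMARC record that was published in monitor mode and never moved to enforcement. The following is an added example written for this article, not code from the original page or from any vendor product: it grades an SPF record and a DMARC record for the settings that matter, counts SPF lookup terms against the RFC 7208 limit of ten, and shows a weak configuration beside a hardened one. The domain examplecorp.com, the include target, and the record text are constructed; in practice the records come from the TXT entries at the domain and at its _dmarc subdomain.

```python
"""Grade a domain's SPF and DMARC records for resistance to From: spoofing.

Added example, not code from the original article or any vendor product.
The records below are constructed; in practice you would fetch the TXT
records for examplecorp.com and _dmarc.examplecorp.com from DNS.
"""
import re

# Mechanisms and modifiers that cost a DNS lookup under RFC 7208.
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists", "redirect"}


def grade_spf(record: str):
    """Return (grade, findings) for an SPF TXT record.

    Grades: none (not SPF), open (+all), neutral (?all or no all),
    softfail (~all), strict (-all).
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none", ["not an SPF record (missing v=spf1)"]
    findings, grade = [], "neutral"
    all_term = next((t for t in terms[1:] if t.lstrip("+-~?").lower() == "all"), None)
    if all_term is None:
        findings.append("no 'all' mechanism: unlisted senders get a neutral result")
    else:
        qualifier = all_term[0] if all_term[0] in "+-~?" else "+"
        if qualifier == "+":
            grade = "open"
            findings.append("+all authorizes every host on the internet to send as this domain")
        elif qualifier == "?":
            findings.append("?all: unlisted senders get a neutral result, no protection")
        elif qualifier == "~":
            grade = "softfail"
            findings.append("~all softfail: receivers rarely reject on it; rely on DMARC to enforce")
        else:
            grade = "strict"
    # RFC 7208 caps DNS-querying terms at 10; beyond that SPF returns permerror.
    # This counts only the top-level record, not the terms inside included ones.
    lookups = sum(
        1 for t in terms[1:]
        if re.split(r"[:/=]", t.lstrip("+-~?").lower(), maxsplit=1)[0] in LOOKUP_MECHANISMS
    )
    if lookups > 10:
        findings.append(f"{lookups} lookup terms exceed the limit of 10 (permerror)")
    return grade, findings


def parse_dmarc(record: str) -> dict:
    """Split 'v=DMARC1; p=reject; ...' into a {tag: value} dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def grade_dmarc(record: str):
    """Return (grade, findings) for a DMARC TXT record.

    Grades: none (absent or invalid), monitor (p=none), partial (enforcing
    with gaps such as pct<100 or sp=none), enforcing.
    """
    tags = parse_dmarc(record)
    if tags.get("v", "").upper() != "DMARC1":
        return "none", ["not a DMARC record (missing v=DMARC1)"]
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "none", [f"missing or invalid p= tag: {policy!r}"]
    findings = []
    if policy == "none":
        findings.append("p=none only reports; spoofed mail is still delivered")
    pct_raw = tags.get("pct", "100")
    pct = int(pct_raw) if pct_raw.isdigit() else 0
    sub_policy = tags.get("sp", "").lower()
    if policy != "none" and pct < 100:
        findings.append(f"pct={pct}: only that share of failing mail gets the policy")
    if policy != "none" and sub_policy == "none":
        findings.append("sp=none leaves every subdomain open to spoofing")
    if "rua" not in tags:
        findings.append("no rua= address, so you will never see who is spoofing you")
    if policy == "none":
        grade = "monitor"
    elif pct < 100 or sub_policy == "none":
        grade = "partial"
    else:
        grade = "enforcing"
    return grade, findings


def assess(spf: str, dmarc: str) -> dict:
    """Combine both grades. Only DMARC ties the visible From: domain to the
    SPF/DKIM results, so SPF alone, however strict, does not block a forged
    header; the verdict therefore hinges on the DMARC grade."""
    spf_grade, spf_findings = grade_spf(spf)
    dmarc_grade, dmarc_findings = grade_dmarc(dmarc)
    return {
        "spf": spf_grade,
        "dmarc": dmarc_grade,
        "header_from_protected": dmarc_grade == "enforcing",
        "findings": spf_findings + dmarc_findings,
    }


# Constructed records: the weak configuration beside the hardened one.
WEAK_SPF = "v=spf1 a mx include:_spf.example.net ~all"
WEAK_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@examplecorp.com"
STRICT_SPF = "v=spf1 ip4:203.0.113.0/24 include:_spf.example.net -all"
STRICT_DMARC = "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc@examplecorp.com"

if __name__ == "__main__":
    for label, spf, dmarc in (("weak", WEAK_SPF, WEAK_DMARC), ("hardened", STRICT_SPF, STRICT_DMARC)):
        print(label, assess(spf, dmarc))
```

The point the weak pair makes is that a domain can have a perfectly valid SPF record and still be trivially spoofable: SPF checks the envelope sender, which the attacker controls, while the name the employee sees is the header From, and only an enforcing DMARC policy (p=quarantine or p=reject at pct=100, with subdomains covered) makes receivers act on a mismatch there. Moving from p=none to enforcement should be done after reviewing the aggregate reports delivered to the rua= address, so that legitimate third-party senders are added to SPF or signed with DKIM first.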