You need a good cyber security strategy because business email compromises (BEC) have dramatically increased over the last several years, causing a great deal of damage to businesses of all sizes. This is partly due to the simplicity and high returns of business email compromises, making them attractive to cybercriminals.
In fact, according to the FBI Internet Crime Complaint Center (IC3) report, about 20,000 complaints about Business Email Compromise were reported in 2020. The IC3 also reported over 1.8 billion in losses due to BEC attacks, which was higher than any other cybersecurity attack.
Unlike most cyberattacks, BEC attacks rely on social engineering rather than malware to trick unsuspecting employees and executives into making payments or sending sensitive data. That makes BEC notoriously challenging to prevent, especially using traditional threat detection solutions. Fortunately, there are common signs you can watch out for to protect your business.
1. Suspicious Requests From Senior Management
A request from senior management such as the CEO or CFO is one of the most common signs of a BEC scam. BEC attackers often pose as high-ranking persons within your company, requesting you to immediately wire a large sum of money, provide sensitive documents, or change a worker’s banking details. The money is then sent to the attacker’s accounts.
Cybercriminals usually send these requests at the end of the workday and week, so you can complete the request before the end of business hours. That’s why you should always double-check the message’s source before carrying out any sizeable financial transaction requests or sending any sensitive information.
2. Suspicious Attachments From Cyber Security Attackers
Some cybercriminals send email attachments containing malicious software that can infiltrate your company’s network, giving them access to authentic email threads about billing and invoices. The attackers then use that information to step in at the perfect time with urgent payment requests that look legitimate. Always be cautious when opening any attachment received from an unfamiliar source.
3. Sense of Urgency and Requests To Bypass Procedure
Another common sign of BEC scams is subject lines that indicate urgency concerning fund transfers or payment inquiries. Attackers often use brief messages and demand you to bypass standard procedure when requesting immediate payment processing. Always beware of any requests that demand you skip the company’s protocol, no matter who’s the sender.
4. Suspicious Requests from Lawyers or Suppliers
Cybercriminals might also impersonate your company’s supplier to request an immediate change of their payment account details or shipping information without following the normal process and the proper paperwork. They can also use your attorney’s identity to get hold of sensitive legal information or even use your business’ email domain to attack customers and suppliers. This could damage your company’s reputation, relationship with suppliers, and even stakeholder trust.
Guard Your Business Against Business Email Compromises
While there are no fail-safe ways to prevent BEC scams, there are measures you can take to make your business more secure. Some of them include educating your employees about business email compromises and establishing protocols for carrying out financial transactions. At Total, we offer comprehensive cyber security services, including BEC attack solutions that can lower your risk levels.
Contact us today to learn more about how you can protect your business and employees from BEC attacks. We’ll help your business shape an effective cyber security program that guarantees the integrity and availability of your data.