How To Fight the Rise in Business Email Compromise
Almost all of us still rely on email in our personal and working lives, which is one key reason why it is used as an attack channel by cyber threats. Cyber criminals are increasingly using malicious emails to attack and exploit businesses, so we have created this article to help you to secure your business against these harmful email-borne threats.
As these attacks are rising in number, it’s important to pay attention to them. BEC attacks jumped 81% in 2022, and as many as 98% of employees fail to report these threats. BEC includes phishing, which is one of the most common and successful forms of cyber-attack that are used against businesses.
What is Business Email Compromise (BEC)?
BEC is a type of scam in which criminals use fraudulent email to trick victims into taking an action that compromises the business, typically disclosing sensitive information or sending money.
A cybercriminal will pose as an authoritative figure and send emails to individual targets within a business, creating a sense of urgency in doing so. For example, they may pretend to be a company executive or a partner business. Scammers attempt to send emails to employees, customers or vendors in order to compel them to disclose sensitive information or make a payment.
These scams have the potential to cause severe financial damage to businesses and can harm their reputations greatly, so it is important to take steps to protect your business.
How Does BEC Work?
BEC attacks range from simple, rudimentary emails to sophisticated and convincing campaigns. In the latter case, the attacker researches the target organization and its employees first, which lets them craft a more precise message with a greater chance of success.
Scammers will begin to collect intelligence via free online sources, such as LinkedIn, the websites of organizations, and Facebook. Once an attacker has enough information, they can create a convincing email that will attempt to impersonate an authoritative figure linked to the recipient.
If the email makes it into the recipient’s inbox, they will open it to find an urgent request, such as demands for certain details or to click on a link. These attacks will often use social engineering techniques to create a false sense of trust. This can be achieved using a convincing email address, replicating the person’s phone number, or a website link that realistically spoofs the website of the impersonated person’s company.
If the recipient falls for the scam and takes the requested action, then it is likely there will be a compromise of sensitive information and/or a loss of funds.
How to Fight Business Email Compromise
BEC scams are preventable with the right tools and measures. Here is how to minimize the risk of falling victim to them.
Users are the deciding factor in whether a BEC attack ultimately succeeds, so it's important to empower them to protect your business by raising their awareness of this threat and of the best practices for addressing it.
Training should educate users about ensuring email account security, including:
- Using a strong email password with at least 20 characters, including capital letters and special characters.
- Locking their computer when it is not in use, and logging out of websites that use their username and password for verification.
- Storing their email password in a secure, encrypted manner, using tools like password managers.
- Changing their password whenever a breach is suspected.
- Ensuring that all passwords are unique and are not shared with any other websites or people.
- Checking the sent folder regularly for any strange messages.
- Notifying an IT contact if they feel that an email is suspicious.
Deploy a Payment Verification Process
The goal of most BEC attacks is to trigger an illegitimate payment. A payment verification process provides a final safeguard in cases where a user has already begun to comply with a scam. Verification can include two-factor authentication and, above all, requiring that a payment or a change to payment instructions is confirmed by more than one person.
Check Financial Transactions
Organizations should review all financial transactions regularly to look for irregularities, such as unexpected wire transfers or changes in payment instructions. Putting these reviews on a fixed schedule ensures they actually happen and gives management visibility of the results.
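The kind of review described above can be automated against a batch of payments. The following script is an added example and not code from the original article or from Grapevine MSP; the vendor master file, the wire threshold and the sample payments are all constructed for illustration. It flags exactly the irregularities the text names: a payee that is not in the approved vendor list, a known vendor whose destination account has changed, and a wire transfer at or above a review threshold.

```python
"""Flag payment irregularities typical of BEC: a known vendor whose bank
details changed, a payee never seen before, or a large wire transfer.
Added example; vendor master, threshold and payments are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Payment:
    payment_id: str
    vendor: str
    amount: float
    method: str   # "wire" or "ach" (constructed values)
    account: str  # destination account identifier (constructed)


# Constructed vendor master: vendor name -> set of approved destination accounts.
VENDOR_MASTER = {
    "Acme Supplies": {"ACCT-1001"},
    "Northwind Traders": {"ACCT-2002", "ACCT-2003"},
}

# Constructed policy value: wires at or above this amount always get a second look.
WIRE_ALERT_THRESHOLD = 25_000.00


def find_irregularities(payments, vendor_master=VENDOR_MASTER,
                        wire_threshold=WIRE_ALERT_THRESHOLD):
    """Return {payment_id: [reasons]} for every payment that needs review."""
    findings = {}
    for p in payments:
        reasons = []
        approved = vendor_master.get(p.vendor)
        if approved is None:
            # Never paid this payee before: classic sign of a fake vendor.
            reasons.append("payee not in vendor master")
        elif p.account not in approved:
            # Known vendor, new bank account: classic payment-instruction change.
            reasons.append("destination account differs from approved accounts")
        if p.method == "wire" and p.amount >= wire_threshold:
            reasons.append(f"wire at or above {wire_threshold:,.2f}")
        if reasons:
            findings[p.payment_id] = reasons
    return findings


# Constructed sample batch.
SAMPLE_PAYMENTS = [
    Payment("P-1", "Acme Supplies", 4_200.00, "ach", "ACCT-1001"),
    Payment("P-2", "Acme Supplies", 48_000.00, "wire", "ACCT-9999"),
    Payment("P-3", "Globex Corp", 12_500.00, "wire", "ACCT-7777"),
    Payment("P-4", "Northwind Traders", 30_000.00, "wire", "ACCT-2003"),
]

if __name__ == "__main__":
    for pid, reasons in find_irregularities(SAMPLE_PAYMENTS).items():
        print(pid, "->", "; ".join(reasons))
```

Run against the sample batch, P-1 passes silently, P-2 is flagged twice (new account and a large wire), P-3 is flagged as an unknown payee, and P-4 is flagged only because of its size. In practice the vendor master would come from the accounting system and every flagged payment would go through the multi-person confirmation described under payment verification.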
Establish a Response Plan
A response plan will empower your business to respond rapidly and effectively in cases where BEC attacks are successful. These plans can include how to report the incident, safeguarding measures for freezing a transfer or calling it back, as well as a process for notifying legal authorities, and assessing whether the wider network has been compromised.
Use Anti-phishing Software
Anti-phishing software can be implemented to detect and block fraudulent emails. AI and machine learning technologies are being used in a wide range of use cases, including in this area. By using anti-phishing software, you can prevent even the most sophisticated BEC attempts from reaching your users’ inboxes.
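Most anti-phishing products start from header checks like the ones below. This script is an added example, not code from the original article or any vendor's product; the company domain, the executive names and the sample message are constructed. It parses one RFC 5322 message with Python's standard library and reports the impersonation signs the article describes: an executive's display name arriving from an outside domain, a Reply-To that redirects answers elsewhere, a lookalike sender domain, and urgency language in the subject.

```python
"""Score inbound email headers for common BEC impersonation signs.
Added example; company domain, executive list and messages are constructed."""
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"          # constructed: our own domain
EXECUTIVES = {"jane doe", "pat lee"}    # constructed: display names to protect
URGENCY_WORDS = ("urgent", "immediately", "wire", "today")


def edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike domains such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def bec_indicators(raw_message):
    """Return a list of indicator strings found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)
    indicators = []

    # Display-name impersonation: trusted name, untrusted sending domain.
    if name.strip().lower() in EXECUTIVES and from_domain != COMPANY_DOMAIN:
        indicators.append("executive display name from external domain")

    # Reply-To hijack: answers go somewhere other than the apparent sender.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != from_domain:
        indicators.append("Reply-To domain differs from From domain")

    # Lookalike domain: one or two characters away from our real domain.
    if from_domain != COMPANY_DOMAIN and 0 < edit_distance(from_domain, COMPANY_DOMAIN) <= 2:
        indicators.append(f"lookalike domain {from_domain}")

    # Urgency pressure in the subject line.
    subject = msg.get("Subject", "").lower()
    if any(w in subject for w in URGENCY_WORDS):
        indicators.append("urgency language in subject")
    return indicators


# Constructed sample message showing all four signs at once.
SAMPLE_MESSAGE = """From: Jane Doe <jane.doe@examp1e.com>
Reply-To: Jane Doe <ceo.janedoe@mail-example.net>
To: accounts@example.com
Subject: Urgent wire needed today

Please process the attached invoice immediately.
"""

# Constructed benign internal message for comparison.
BENIGN_MESSAGE = """From: Jane Doe <jane.doe@example.com>
To: accounts@example.com
Subject: Meeting notes

Attached are the notes from this morning.
"""

if __name__ == "__main__":
    for label, raw in (("sample", SAMPLE_MESSAGE), ("benign", BENIGN_MESSAGE)):
        print(label, "->", bec_indicators(raw) or ["no indicators"])
```

A mail gateway would run checks like these on every inbound message and quarantine or tag anything that trips several of them; the benign internal message above produces no indicators, while the constructed attack message trips all four. Real products add sender authentication results (SPF, DKIM, DMARC) and reputation data on top of this.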
Grapevine MSP – Your New IT Support Solutions Provider based in Bakersfield, California
Ready to take your business to the next level with reliable and efficient IT support? Look no further than Grapevine MSP. With our comprehensive IT services, including network management, security solutions, and proactive support, Grapevine MSP is the partner you need for seamless business growth. Our team of experienced professionals will ensure that your IT infrastructure is optimized, allowing you to focus on expanding your company with confidence. Don’t let technology hold you back – contact us today and discover how Grapevine MSP can propel your business forward.