Business email compromise (BEC) is a harmful new type of cybercrime affecting companies across the world, costing billions of dollars. It’s critical for businesses of all sizes to understand what these attacks are and how to prevent them.
Typical BEC attacks start with criminals obtaining your email credentials through a standard phishing attack, usually by disguising themselves as a trustworthy business, program or person. What happens next, though, is much different from your standard phishing attack.
For a while, the cybercriminals lurk in your inbox, remaining hidden until they learn how you communicate. Once they can mimic your communication style, they will then respond to an existing email thread in order to manipulate the outcome. Often, that means redirecting the recipient you were communicating with to take an action such as paying a fraudulent invoice or transferring funds to an illegitimate account.
BEC attacks are a real threat to businesses today. The FBI started tracking attacks in 2013 and advises that:
“Organized crime groups have targeted large and small companies and organizations in every U.S. state and more than 100 countries around the world—from non-profits and well-known corporations to churches and school systems. Losses are in the billions of dollars and climbing.” (FBI.gov)
As business email compromise incidents become more and more prevalent, it’s critical to understand how they happen and what you can do to protect your business from an attack.
One of the most insidious things about BEC attacks is the sheer number of ways they can affect your business. Here are five of the most common ways that business email compromise takes place.
What makes business email compromise attacks so effective is that the communication comes directly from trusted email accounts, in a tone and voice that’s familiar and sensible. It raises few red flags, and once a cybercriminal has access to your credentials, there are few technology security solutions that can shut the criminal down. Unlike other types of phishing attacks, there are no malicious links or attachments involved – just pure psychology at work.
But that doesn’t mean you can’t protect yourself and your business against business email compromise.
As with most types of cyberattacks, the best prevention is to be prepared. Preventing a business email compromise situation from occurring means educating your team on the dangers and putting processes in place to prevent breaches.
These four steps will dramatically reduce the risk to your business and mitigate the damage of any attack.
If you suspect you’ve already been a victim of a business email compromise incident or need help putting a plan in place to avoid disaster, contact us today.