Are you and your company vulnerable to business email compromise (BEC) attacks?
Business Email Compromise is a scam in which online criminals target a company's email systems in an attempt to defraud it of thousands, sometimes even millions, of dollars.
Consider these 4 facts about BEC that might surprise you:
BEC attacks can appear in many forms. They almost always target an individual in an attempt to collect important or confidential internal data. They might also involve posing as an executive or client to trick an employee into invoicing or wiring money directly to the scammer.
Are you prepared to defend against BEC? Let’s take a look at the most common forms of Business Email Compromise: malware and email phishing.
Malware is the oldest trick in the email compromise book. Malware has been used by cybercriminals for decades with a long list of motivations, including data breaches, remote system control, wire transfers, and even ransom.
Malware, also known as malicious software, is a piece of software designed to gain access to or damage a computer or network’s systems. In the case of BEC, it may appear as an email attachment or a link that takes you to an automatic download intended to cause harm.
Example: A scammer sends an email that says “Hi Riley, I manually updated the data tables for Q3 and attached the file below,” with a fake spreadsheet file attached to the email for the victim to download. This download gives the scammer access to the business network, threatening the security of the organization.
How to prevent malware attacks at your business:
Another common method of BEC attacks is spoofing/phishing emails. Chances are, you’ve received at least one phishing email in your lifetime, if not many more.
In a spoofing attack, the sender impersonates a trusted sender in an attempt to infiltrate accounts or internal systems, or to gain access to confidential data (and sometimes even Amazon gift cards). These types of BEC attacks often involve a series of emails meant to build trust and familiarity before the scammer attempts to initiate the BEC scam.
Example: You receive an email that appears to be from someone who works in your finance department, asking you to change the payment information on an invoice and send payment out ASAP. These will typically appear to be real emails from an authentic sender.
The first step to avoiding phishing emails is learning how to identify some of the following common “red flags”:
How to identify spoofing and/or phishing attempts:
Constant vigilance! It never hurts to have a healthy amount of suspicion. If any of these boxes are checked, especially if you’re receiving the request seemingly out of the blue or aren’t sure why you’re being asked, take the following precautions:
Question: Who is most vulnerable to Business Email Compromise scams?
All businesses are at risk of being targeted by BEC scams, but the most common targets are individuals who work on executive teams and in financial departments. Scammers may also target:
Question: What are common defenses and ways to identify potential BEC scams?
If you believe you are being targeted by a BEC scammer, you can try some of the following steps to check their legitimacy:
Question: What are some other ways I can prevent BEC scammers from attempting to contact me and protect myself if they do?
Some other tips to passively protect yourself and your email from BEC attempts are:
BEC scams have been reported in all 50 U.S. states and 177 countries worldwide. As companies continue to transition to virtual meetings and online transactions, the frequency of Business Email Compromises increases as well—that means you should be taking extra precautions to protect your business.
DNSFilter protects thousands of companies across the world from BEC. See how it works with a 14-day free trial.