What is Business Email Compromise & why should you care about it?

Today we take a look at a large and growing cybercrime that targets organisations of all sizes across every industry in the world: Business Email Compromise. It is one of the most financially damaging cyber crimes, and it works because criminals exploit the fact that most of us rely on email to conduct business.

Business Email Compromise (BEC) is an email scam in which an attacker targets a business in order to defraud it.

Typically, the attacker assumes the identity of someone the target trusts, such as a boss, colleague, or vendor. Most of the time, the attackers use email accounts that have either been compromised or spoofed so that the messages look like ones the victim is familiar with. Posing as the legitimate party, the attackers ask for things such as money transfers, purchase orders, or changes to the banking details used for upcoming payments.

Common types of BEC scams include the following:

  • CEO Fraud: the attackers assume the role of a CEO or other executive and email an individual in the finance department, requesting a funds transfer or some other financial action to be taken on behalf of the senior role holder.
  • False Invoice Schemes: the attackers pose as a vendor or supplier the company already works with and produce a fake invoice in the target company’s name, then present it to a finance employee and demand payment.
  • Attorney Impersonation: the attackers impersonate a legal representative requesting payment. These attacks frequently target lower-level employees, who are less likely to have the knowledge needed to question the request’s legitimacy.
  • Data Theft: the HR department is typically the target of this type of BEC attack. The attackers want to obtain the department’s employee data for later spear-phishing or spoofing attacks.

The difference between BEC and traditional phishing attacks

BEC attacks can be more challenging to defend against than traditional phishing because they frequently carry no malware, such as malicious attachments or links to malicious websites, that security systems could detect. As a result, defence relies mainly on detailed analysis of the email itself. Some tips to avoid falling victim to BEC include:

  • Avoid acting on unsolicited emails or texts that ask you to update or verify account information. Look up the company’s phone number yourself (don’t use the one the sender gives you) and call to verify the request.
  • Check every email address, URL and spelling carefully; scammers rely on small differences to deceive you. Verify payment and purchase requests in person or by phone, and verify account number or payment changes with the requester.
  • Always be skeptical when the requester wants you to act quickly.
  • Always be skeptical of requests that bypass normal channels, or whenever the requester asks you not to discuss the request with others.
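To make the “small differences” check concrete, here is an added example (not code from the original article) that triages a raw email for the indicators the tips above describe: a sender domain one or two characters off a trusted one, a Reply-To that diverts replies elsewhere, urgency language, and a request to change payment details. The trusted-domain list, the word list and the two sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAINS = {"example-corp.com", "acme-supplies.com"}  # constructed vendor/partner allow-list
URGENCY_WORDS = ("urgent", "immediately", "asap", "wire", "confidential")  # pressure words in BEC lures


def levenshtein(a, b):
    # Plain edit distance; a small non-zero value marks a lookalike domain.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage_message(raw):
    # Returns human-readable BEC indicators found in one RFC 822 message.
    msg = message_from_string(raw)
    findings = []
    _, from_addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    from_dom = from_addr.rsplit("@", 1)[-1].lower()
    reply_dom = reply_to.rsplit("@", 1)[-1].lower()
    if reply_to and reply_dom != from_dom:  # replies quietly diverted to another mailbox
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    # Sender domain one or two characters away from a trusted one (e.g. a digit swapped for a letter).
    lookalikes = [] if from_dom in TRUSTED_DOMAINS else [
        t for t in sorted(TRUSTED_DOMAINS) if 0 < levenshtein(from_dom, t) <= 2]
    findings += [f"sender domain {from_dom} looks like {t}" for t in lookalikes]
    body = "" if msg.is_multipart() else msg.get_payload().lower()
    if any(word in body for word in URGENCY_WORDS):
        findings.append("body uses urgency language")
    # A request to redirect payments is the core of false-invoice and CEO fraud.
    if re.search(r"\b(account|bank|iban|routing)\b", body) and re.search(r"\b(new|updated?|changed?)\b", body):
        findings.append("body asks to change payment details")
    return findings


# Constructed sample messages, not real traffic.
SUSPICIOUS = ('From: "Jane Doe, CFO" <jane.doe@acme-suppl1es.com>\nReply-To: payments@mail-relay.example\n'
              'Subject: Urgent - updated bank details\n\nPlease process the attached invoice immediately to our new account number below.\n')
BENIGN = 'From: Bob <bob@acme-supplies.com>\nSubject: March invoice\n\nAttached is the March invoice, same terms as usual.\n'

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, triage_message(raw))
```

Each finding on its own is only a hint; the value is in a message that trips several at once, which is exactly the profile of the CEO-fraud and false-invoice lures described above.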

Thanks for reading our article “What is Business Email Compromise & why should you care about it?” If you need any further information about this topic, visit our Help Centre to see articles in our KnowledgeBase or Contact Us on WhatsApp.
