Are You Protected Against Business Email Compromise Attacks?
On May 4th, 2022, the FBI published a public service announcement updating its warnings about the continuing threat of business email compromise, also known as CEO fraud. It’s a problem that has reached staggering proportions. Between June 2016 and December 2021, the FBI quantified 241,206 domestic and international incidents of business email compromise. The exposed dollar loss – including both actual and attempted losses – was more than $43 billion!
What Is Business Email Compromise?
According to TechRepublic, business email compromise (BEC) is “a sophisticated scam that targets companies and individuals who perform legitimate transfer-of-funds requests.”
Through the use of social engineering or malware, cybercriminals will masquerade as one of the individuals involved in these money transfers to trick the victim into sending money to a bank account owned by the cybercriminal. Once the fraud is exposed, it’s often too late to recoup the money. Scammers are quick to relocate the money to other accounts and withdraw the cash or use it to buy cryptocurrencies.
However, the scam is not always associated with an unauthorized transfer of funds. One BEC variation involves compromising legitimate business email accounts and requesting personally identifiable information (PII), wage and tax settlement (W-2) forms, or even cryptocurrency wallets from recipients.
How to Protect Your Business Against BEC Attacks
In the public service announcement, the FBI offers several suggestions for businesses to adopt to better protect against business email compromise attacks.
- Use secondary channels (such as phone calls) or multi-factor authentication to validate requests for any changes in account information.
- Ensure that URLs in emails are associated with the businesses or individuals from which they claim to be originating.
- Keep an eye out for hyperlinks that contain misspellings of the actual domain name.
- Steer clear of providing login credentials or PII of any sort via email. Bear in mind that many emails requesting your personal information may appear to be legitimate.
- Verify the email address used to send emails – especially when using a mobile or handheld device – by making sure the address appears to match that of the purported sender.
- Enable settings on employees’ computers to allow full email extensions to be viewed.
- Monitor your personal financial accounts routinely for irregularities, such as missing deposits.
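Several of the checks above (misspelled domains in links, sender addresses that do not match the purported sender) can be partly automated at the mail gateway or in a triage script. The following is an added example, not part of the FBI announcement or of DTI's tooling; the trusted-domain list, the edit-distance threshold of 2, the two-label domain rule and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains your organization really exchanges payment mail with.
TRUSTED = ("example.com", "examplebank.com")

def edit_distance(a, b):
    # Levenshtein distance; a small value indicates a misspelled domain.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(host):
    # Simplification: treat the last two labels as the registered domain.
    base = ".".join(host.lower().split(".")[-2:])
    if base in TRUSTED:
        return None
    return next((t for t in TRUSTED if edit_distance(base, t) <= 2), None)

def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def check_message(raw):
    msg = message_from_string(raw)
    findings = []
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    if lookalike_of(from_dom):
        findings.append(f"sender domain {from_dom} resembles {lookalike_of(from_dom)}")
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    # Only undecoded text parts are scanned; base64 bodies need decoding first.
    body = " ".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    for host in re.findall(r"https?://([^/\s\"'>:]+)", body):
        if lookalike_of(host):
            findings.append(f"link host {host.lower()} resembles {lookalike_of(host)}")
    return findings

# Constructed sample message, not taken from a real incident.
SAMPLE = """\
From: "Pat Lee, CFO" <pat.lee@examp1e.com>
Reply-To: pat.lee.cfo@mail-relay.test
Subject: Updated wire instructions

Please confirm the new account at https://portal.examplebannk.com/update today.
"""
```

Calling `check_message(SAMPLE)` returns three findings: the lookalike sender domain, the mismatched Reply-To, and the misspelled link host. A message flagged this way still needs the out-of-band confirmation described in the first item of the list.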
What to Do If You or Your Company Should Fall Victim to a BEC Attack
Final Thoughts
Cybersecurity has never been more important. We live in an increasingly connected world, which enables cyberattackers to constantly find new ways to carry out digital attacks. Even the most vigilant business owners and IT managers can become overwhelmed with the stress of maintaining network security and protecting their data.
These increasingly advanced cyberattacks lead to unprecedented data breaches and extortion of money. The tools that hackers use are getting smarter and stronger every day. If you’re not proactive about protecting your network, your business will become a target of cybersecurity attacks.
DataGroup Technologies, Inc. (DTI) offers a wide variety of cybersecurity services to help protect your business from cyberthreats, including security risk assessments, email security solutions, web/DNS filtering, next-generation firewalls, network security monitoring, operating systems/application security patches, antivirus software, and security awareness training. If you’re not 100% certain that your business is protected from cybercriminals, contact us today at 252.329.1382 or message us to find out more about how we can help #SimplifyIT!