Concerned about people in your organization getting tricked by a business email compromise (or “BEC”) scheme? Or, maybe you’ve already been hit by a BEC scam, and you’re hoping to recover and to prevent it from happening again.
Whatever the case may be, business email compromise is a serious concern for businesses in just about every vertical. It doesn’t matter if it’s retail, medicine, travel, or finance: businesses are losing billions of dollars to these clever attacks every year.
What exactly does BEC entail, though? How does it work against you, and most importantly, how do you fight back? Let’s find out.
Business email compromise, commonly abbreviated to BEC, is a scam conducted through email. With a BEC attack, an email will appear to come from a legitimate source within the business. However, the sender is an imposter attempting to trick other members of the organization into divulging sensitive information.
While directors and people in the C-Suite are common targets, scammers may potentially attack anyone within your company. A simple email could lead to losses in the thousands or even millions of dollars.
Fake workflows, imparting a sense of urgency, odd requests, and suspicious email addresses or domain names are all “red flags” for business email compromise.
To combat this threat, you and your employees will need to be intimately familiar with red flags that could indicate a BEC scam in progress.
Business email compromise has evolved into one of the costliest cybercrimes in existence. According to the FBI’s Internet Crime Complaint Center (IC3), BEC scams have resulted in more than $55.5 billion in losses globally over the past decade. That’s more than the GDP of many small nations… all vanished through carefully orchestrated email schemes.
Still having trouble grasping the gravity and scope of this threat? Companies as notable as Facebook, Google, and Toyota have been preyed on.
Here are five recent BEC scams and their estimated losses to convince you that no business is immune.
To combat business email compromise, you and your employees will need to be intimately familiar with the red flags that could indicate a BEC scam in progress. A suspicious tone and a sense of urgency are just a couple of examples. Here are some others to consider.
Legacy tools used by email clients can help prevent some BEC attacks. But it’s important to have a multilayer strategy that involves multi-factor authentication, fraud awareness training, detail-oriented critical thinking, and other best practices.
According to the FBI, the average business email compromise (BEC) attack cost merchants over $125,000.
Business email compromises can cost as much as $5 million per breach. Indeed, the issue is so serious that the FBI has labeled BEC “the $26 billion dollar scam.” If those numbers seem surreal, keep in mind that the threat is only growing. In 2020 alone, BEC fraudsters scored nearly $2 billion this way… a number considerably higher than losses associated with any other type of cybercrime.
Essentially, BEC scams are conducted through email, usually on an interpersonal level within a business. The fraudulent email will appear to come from a legitimate source within the business and is usually making a seemingly legitimate request.
In the commonly used executive fraud scam, for instance, BEC scammers will impersonate a company’s CEO or another executive in order to target employees. The request is usually made to an accounting or financing department employee and is intended to encourage the transfer of funds to the fraudster’s chosen account.
Among other things, BEC scams differ from most schemes because they have specific targets in mind. They look more legitimate, and often appear reasonable or well within the parameters of normal business operations. In this way, cultivated deception is key.
One recommended practice for protecting against BEC attacks is to implement multi-factor authentication (MFA), which can make it more difficult for scammers to gain unauthorized access to email servers and internal systems.
Sort of. Whaling, also known as CEO fraud, is a specific type of business email compromise (BEC) attack in which scammers target high-level executives and manipulate them into revealing sensitive information.