What is BEC? (Business Email Compromise)
Email is one of the largest and most accessible communication technologies, connecting people from every corner of the globe. As email use has grown, so have cybercrime and other malicious activity. Business Email Compromise, better known as BEC, is a security breach that is executed through deceitful email targeting. Businesses of all shapes and sizes have been targets of BEC, and the results can be disastrous. According to the FBI, “organized crime groups have targeted large and small companies and organizations in every U.S. state and more than 100 countries around the world—from non-profits and well-known corporations to churches and school systems. Losses are in the billions of dollars and climbing.” Because information technology is being utilized by more and more businesses, both large and small, these cybercriminals are targeting all of these operations to steal their information and create an opportunity to call for ransom.
Who is targeted?
Cybercriminals have different motives when selecting their next target. Everyone at every level of the organizational structure is subject to this form of digital threat if they use technology in their business function. The email could target employees with access to confidential information such as new products, client information, and funding reports. Furthermore, the attacker could target entry-level employees who might not be properly trained in spotting the most common BEC techniques, including phishing (see below). According to Verizon’s 2018 Data Breach Investigations Report, “4% of people will click on any given phishing campaign”, meaning your business could be more at risk than you think!
What are the methods cybercriminals use?
Although there are some commonly used methods of BEC, cybercriminals are constantly changing their approaches and using new techniques to scam information and resources from companies. However, all of these attempts rely on the same technique: the cybercriminal uses misleading and deceitful information to try to gain a digital or psychological advantage over the email user. The most commonly reported cases of BEC have resulted from examples such as:
- A cybercriminal creates a fake email account under the name of a C-level executive and requests that emergency funds be routed immediately
- A false email sent from the company “attorney” requesting personal information for their records (which will then be used for identity theft, etc.)
- Scams that target employees in invoicing departments where funds are requested to be sent to unknown locations or addresses
How can I prevent BEC?
As with all defenses against cybercrime, your best protection is an early prevention strategy and proper training for your employees. The most common methods of BEC rely on misleading tactics and the deception of the message receiver. Most incidents of Business Email Compromise can be avoided by using good judgment and thinking logically about what the sender of the message is requesting. Some common questions you should ask yourself if you ever doubt the authenticity of a message:
- Is the email coming from a trusted sender’s proper email address? (That is, from the company’s approved and trusted email server?)
- Would this person ask me for this personal information in a real-time conversation?
- Does the email ask for specific details regarding personal information? (Social Security number, bank routing information, etc.)
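
The first question above can be partly automated at the mail gateway or in a triage script. The Python sketch below is an added example, not part of the original article: it flags a message whose display name matches a protected executive while the address is outside the trusted domain, and a Reply-To that points somewhere other than the From domain. The trusted domain, executive names and sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
import unicodedata

# Assumed for illustration: the organisation's mail domain and the
# executives whose names an impersonator is likely to borrow.
TRUSTED_DOMAINS = {"example.com"}
PROTECTED_NAMES = {"Jane Doe", "Raj Patel"}

def _norm(name):
    """Fold case, accents and spacing so 'JANE  DOE' matches 'Jane Doe'."""
    folded = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    return " ".join(folded.lower().split())

def check_sender(raw_message):
    """Return a list of warnings for one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    protected = {_norm(n) for n in PROTECTED_NAMES}
    warnings = []
    # Executive's name on an address that is not on the company's mail domain.
    if _norm(display) in protected and domain not in TRUSTED_DOMAINS:
        warnings.append("executive display name on external address")
    # Replies would be routed to a different domain than the visible sender.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and reply.rpartition("@")[2].lower() != domain:
        warnings.append("Reply-To domain differs from From domain")
    return warnings

# Constructed sample messages (not real traffic).
GENUINE = "From: Jane Doe <jane.doe@example.com>\nSubject: Q3 plan\n\nHi all"
SPOOFED = (
    'From: "JANE  DOE" <ceo.office@mail-example.test>\n'
    "Reply-To: payments@other.test\n"
    "Subject: Urgent wire transfer\n\nPlease route funds today."
)
VENDOR = "From: Newsletter <news@vendor.test>\nSubject: Updates\n\nHello"

if __name__ == "__main__":
    for label, raw in [("genuine", GENUINE), ("spoofed", SPOOFED), ("vendor", VENDOR)]:
        print(label, check_sender(raw))
```

A check like this only catches look-alike accounts; a message that forges the company's real domain in the From header has to be caught by the mail server's SPF, DKIM and DMARC validation.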