Business Email Compromise Jumped 81% Last Year! Learn How to Fight It
In recent years, electronic mail (email for short) has become an essential part of our daily lives. Many people use it for various purposes, including business transactions. With the increasing dependence on digital technology, cybercrime has grown. A significant cyber threat facing businesses today is Business Email Compromise (BEC).

Why is it important to pay particular attention to BEC attacks? Because they’ve been on the rise. BEC attacks jumped 81% in 2022, and as many as 98% of employees fail to report the threat.
What is Business Email Compromise (BEC)?
Business Email Compromise (BEC) is a type of scam in which criminals use email fraud to target victims. These victims include both businesses and individuals. They especially target those who perform wire transfer payments.

The scammer pretends to be a high-level executive or business partner. Scammers send emails to employees, customers, or vendors. These emails request them to make payments or transfer funds in some form.

According to the FBI, BEC scams cost businesses around $1.8 billion in 2020. That figure increased to $2.4 billion in 2021. These scams can cause severe financial damage to businesses and individuals. They can also harm their reputations.

How Does BEC Work?
BEC attacks are usually well-crafted and sophisticated, making it difficult to identify them. The attacker first researches the target organization and its employees. They gain knowledge about the company’s operations, suppliers, customers, and business partners.

Much of this information is freely available online. Scammers can find it on sites like LinkedIn, Facebook, and organizations’ websites. Once the attacker has enough information, they can craft a convincing email. It's designed to appear to come from a high-level executive or a business partner.

The email will request the recipient to make a payment or transfer funds. It usually frames the request as an urgent and confidential matter, for example a new business opportunity, a vendor payment, or a foreign tax payment.

The email will often convey a sense of urgency, compelling the recipient to act quickly. The attacker may also use social engineering tactics, such as posing as a trusted contact or creating a fake website that mimics the company's site. These tactics make the email seem more legitimate.

If the recipient falls for the scam and makes the payment, the attacker will make off with the funds. In their wake, they leave the victim with financial losses.

How to Fight Business Email Compromise
BEC scams can be challenging to prevent. But there are measures businesses and individuals can take to cut the risk of falling victim to them.

Educate Employees
Organizations should educate their employees about the risks of BEC. This includes providing training on how to identify and avoid these scams. Employees should be aware of the tactics used by scammers, for example urgent requests, social engineering, and fake websites.

Training should also include email account security, including:
- Checking their sent folder regularly for any strange messages
- Using a strong email password with at least 12 characters
- Changing their email password regularly
- Storing their email password in a secure manner
- Notifying an IT contact if they suspect a phishing email

Enable Email Authentication
Organizations should implement email authentication protocols.

This includes:
- Domain-based Message Authentication, Reporting, and Conformance (DMARC)
- Sender Policy Framework (SPF)
- DomainKeys Identified Mail (DKIM)
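
The following is an added example, not part of the original article: a Python triage check that reads the SPF, DKIM and DMARC verdicts a receiving mail server records in the `Authentication-Results` header and combines them with two BEC signals described above (a reply address on a different domain, urgency wording). The authserv-id `mx.example.net`, the keyword list, the flag names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.example.net"  # assumption: authserv-id of your own inbound MTA
URGENCY = re.compile(r"\b(urgent|confidential|immediately|wire transfer)\b", re.I)

def domain_of(header_value):
    """Lowercased domain of the address in a From or Reply-To header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def auth_verdicts(msg):
    """spf/dkim/dmarc results, taken only from headers stamped by our own MTA."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if (authserv.split() or [""])[0].lower() != TRUSTED_AUTHSERV:
            continue  # a sender can pre-insert this header, so foreign ones are ignored
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results, re.I):
            if verdicts.get(method.lower()) != "pass":  # one passing DKIM signature is enough
                verdicts[method.lower()] = result.lower()
    return verdicts

def bec_flags(raw_message):
    """Sorted reasons why a message asking for money deserves a second look."""
    msg = message_from_string(raw_message)
    verdicts = auth_verdicts(msg)
    flags = {f"{m}-not-pass" for m in ("spf", "dkim", "dmarc") if verdicts.get(m) != "pass"}
    reply_domain = domain_of(msg["Reply-To"])
    if reply_domain and reply_domain != domain_of(msg["From"]):
        flags.add("reply-to-domain-mismatch")
    if URGENCY.search(msg.get("Subject", "")):
        flags.add("urgency-wording")
    return sorted(flags)

# Constructed sample: spoofed executive, forged upstream header, external Reply-To.
SPOOFED = """\
Authentication-Results: relay.invalid; spf=pass; dkim=pass; dmarc=pass
Authentication-Results: mx.example.net; spf=softfail smtp.mailfrom=example.com;
 dkim=none; dmarc=fail header.from=example.com
From: "Dana CFO" <dana@example.com>
Reply-To: dana.cfo@mailbox.invalid
Subject: Urgent and confidential vendor payment

Please handle this today.
"""

if __name__ == "__main__":
    print(bec_flags(SPOOFED))
```

A message with no trusted `Authentication-Results` header is reported as not passing all three checks, which is the safe default when the inbound server has not evaluated it.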