With so much talk in the news about recent high-profile data breaches and cybercrime attacks, there is one equally dangerous type of cybercrime that tends to get overlooked by business owners and their employees.
BEC, or Business Email Compromise, is a type of hacking in which a fraudster infiltrates office communications for the purpose of stealing from the company. BEC has cost over $12B in losses and, according to the FBI, is on the rise. This type of crime isn't something that only affects certain types of business, a certain size of business, or even only businesses. BEC incidents have been reported not only in all 50 states but in over 150 countries, and they affect businesses of all types and sizes, big and small, as well as individuals.
Over the past few years BEC has been showing signs of becoming more and more popular with cybercriminals. In less than two years, from 2016 to mid-2018, the FBI recorded a 136% global increase in this type of fraud.
What you need to know about Business Email Compromise.
Business Email Compromise is popular with fraudsters simply because people are not terribly aware of it. Many companies do not have any protocol in place for a BEC incident, let alone have made an effort to create a culture of awareness among employees to watch out for it. Fraudsters use social engineering or computer intrusion techniques to compromise business email accounts with the goal of facilitating unauthorized transfers of funds. Obviously one of the most common goals is money, but often the bad guys are playing more of a long game. The information they are mining for will be Personally Identifiable Information (PII) or Wage and Tax Statement (W-2) forms for employees.[1] The actor will be able to interrupt email chains between a business owner, CEO, or manager and a staff member, learning personal names, client names and transaction information that make the fraudster seem more legitimate. They get hold of travel information, so they know when a boss is going out of town or about to board a plane. They become privy to the timing of when a deal is supposed to close, so a request seems timely and not out of the ordinary, which reduces the suspicion of the target employee.
Urgency is key when it comes to these types of scams. The fraudster needs to make the recipient feel a sense of urgency, that this transaction needs to happen ASAP. They will often lead the employee to believe that the boss or the “powers that be” are in a hurry and that there is no time to question the situation.
One of the best ways to help arm yourself and your company against this type of fraud is education. Make sure that you implement some type of training to help your employees recognize this type of scam so they are less likely to fall victim. Requiring multi-factor authentication for all email access makes it much harder for a potential fraudster to gain control over an account. Simply making your employees aware that the practice exists and arming them with ways to recognize potential issues will go a long way in protecting your company from a potential breach.
The second best thing to set in motion is a checks-and-balances, or backup, plan for any type of financial transaction. Implement rules stating that every financial transaction must be double verified before the transfer is completed. Some businesses have even been known to create a unique code word for each transaction that only the two parties involved are privy to, meaning it is never talked about through email communications.
Specialized Email Security Software
There are also third-party companies that specialize in protecting company email accounts from fraud. By using AI to detect anomalies in the header and body of emails, they can spot attackers and potentially fraudulent situations and help keep fraudsters from getting into your account and obtaining sensitive information.
If a phishing email attempts to impersonate web services like Microsoft Outlook, includes links to fraudulent signature pages, or attempts to spoof an email address, the software can not only recognize it but will also quarantine it immediately.
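To make the idea of header and body anomalies concrete, here is a small rule-based check added as an illustration; it is not the code of any email security product, and commercial tools use far richer models. The domain `example.com`, the urgency word list, the 0.85 similarity threshold and both sample messages are assumptions constructed for the example.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

OWN_DOMAIN = "example.com"  # assumption: the protected organisation's mail domain
URGENCY = re.compile(r"\b(urgent|asap|immediately|right away|wire transfer)\b", re.I)

def domain(addr):
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def bec_flags(raw):
    """Return the set of heuristic warning flags raised by one raw message."""
    msg = message_from_string(raw)
    name, sender = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    auth = msg.get("Authentication-Results", "").lower()
    body = "" if msg.is_multipart() else msg.get_payload()
    flags = set()
    d = domain(sender)
    # Sender domain is not ours but is nearly identical to it.
    if d and d != OWN_DOMAIN and SequenceMatcher(None, d, OWN_DOMAIN).ratio() >= 0.85:
        flags.add("lookalike-sender-domain")
    # Display name shows one address while the real sender is another.
    if "@" in name and domain(name) != d:
        flags.add("display-name-address-mismatch")
    # Replies would go to a different domain than the apparent sender.
    if reply_to and domain(reply_to) != d:
        flags.add("reply-to-domain-mismatch")
    # The receiving server recorded an SPF, DKIM or DMARC failure.
    if re.search(r"\b(spf|dkim|dmarc)=fail\b", auth):
        flags.add("auth-failure")
    # Body pushes the reader to act quickly on a payment.
    if URGENCY.search(body):
        flags.add("urgency-language")
    return flags

# Constructed sample messages (not real mail).
SUSPICIOUS = (
    'From: "jane@example.com" <jane@examp1e.com>\n'
    "Reply-To: jane.boss@mail-example.net\n"
    "Authentication-Results: mx.example.com; spf=pass; dkim=none; dmarc=fail\n"
    "Subject: Invoice\n\n"
    "About to board a plane. Please send the wire transfer ASAP.\n"
)
BENIGN = (
    "From: Jane Boss <jane@example.com>\n"
    "Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass\n\n"
    "The minutes from Tuesday are attached.\n"
)
```

A message that raises several flags at once is a candidate for quarantine or for the out-of-band verification described above; a single flag on its own is usually too noisy to act on.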
It is easy to blame the employee for falling victim to a BEC scam, but if you are not arming your employees with the knowledge they need to help you protect your company, you are doing a disservice to them and to the integrity of your company. The FBI has compiled a great list of “self-protection strategies” that can easily be distributed to employees to begin the process of education, as well as give them a sense of power and responsibility to help protect the company and fellow employees. “Best Practices for Victim Response and Reporting of Cyber Incidents” is also a valuable resource, located on the United States Department of Justice website.
At Bankcard Brokers we understand how important security is for our business clients. Not only do we intend to supply our clients with the highest and most secure payment transactions, but we also strive to educate them about all types of potential fraud and security breaches, because the best way to be successful is to not fall victim to costly fraud and thievery.