Business email compromise (BEC) scams are more common than you think. Between 2014 and 2019, businesses suffered financial losses worth over $2.1 billion on account of business email compromise, according to the Internet Crime Complaint Center (IC3).
But what exactly is business email compromise? BEC is a type of email fraud that aims to steal a company’s confidential business information or commit money transfer fraud. For instance, hackers can send emails that look like they are coming from a real employee or a trusted business partner asking you to transfer funds or share critical business information.
If hackers have defrauded your business through BEC, you should report the attack to the appropriate authorities in your state. You may also want to hire a computer hacking forensic investigator to find out the source of the attack and any other details. However, it is always a good idea to take preventive steps to protect your business from BEC scams. For instance, you can use endpoint threat prevention software that automatically detects, responds to, and prevents cyber attacks in real time. Here are some more tips on how to prevent business email compromise.
Know the warning signs
You can fend off most BEC attacks simply by being a little more cautious. Attackers use some common tactics to steal information through a BEC scam. They often try to instill a sense of urgency. For instance, a phishing email may request last-minute changes or a quick fund transfer right before the workday is over.
Scammers also use a tactic called domain spoofing, in which they try to fool victims into believing the email is coming from a credible source. For instance, the attacker may create a fake domain name that closely resembles the original domain name, such as sureexcel.com instead of surfexcel.com.
Educate your employees
Make sure your employees are aware of the consequences of a business email compromise. Issue clear guidelines for what to do when someone receives a suspicious email. Organize training programs from time to time to educate your employees on how to identify and prevent a BEC scam. For instance, they should not respond to any emails coming from the personal email address of the sender. Always use a business email address for internal communication. Employees should also verify a request for fund transfers received via email by calling the sender directly before making the transfer. If the request comes from a senior executive, your employee may be hesitant to call them for confirmation. That’s why you should set clear rules for communication so that your employees can confidently follow up with the person sending a payment request or asking for confidential business data.
Also, set up a system for how your company should investigate an email scam. For instance, contact a computer hacking forensic investigator immediately after a BEC attack.
Use multiple layers of defense
Consider applying multi-factor authentication (MFA) to all of your company email accounts. That way, attackers must have access to a user’s physical device, such as a phone or laptop, in order to hack into their account. You can also use advanced software tools for endpoint threat prevention. These tools give you real-time visibility into each enterprise endpoint so that you can respond to possible cyber attacks as they arise.