Most businesses have heard of ransomware and the issues that come with it, and hopefully provisions will have been put in place to ensure they don’t become a victim of this sort of crime. However, there’s a massive new threat that many companies may not have heard of, but soon will. E-mpower.IT wanted to tell you before you become targeted. The name is ‘Business Email Compromise’, also known as ‘BEC’. Currently it’s the most lucrative and profitable method to extract large amounts of money from businesses. As it’s fairly new, it’s yet to hit the headlines. As a quality IT Support company we are aware of BEC and have already come across clients that were targeted by it, and it won’t be long before all companies are aware of it.
BEC involves an email, sometimes using ‘spoofing’ so that it looks like it is from a colleague or co-worker when it actually isn’t. The emails target financial employees who can send funds by bank transfer. The criminals have often done their research on both the company hierarchy and its employees using a range of tools such as company websites and social media, including LinkedIn. This enables them to piece together the likely chain of command. Typically, the message will look like it’s sent from the CEO or someone in a similar position, asking the recipient to send money by bank transfer to a business associate or a fictitious client. The email will often express some urgency, which encourages the recipient to act quickly, resulting in money usually being transferred into a foreign or domestic bank account owned by the cyber criminals.
BEC scams started by targeting large corporations; both Facebook and Google have been victims of such crime. However, the criminals are now widening their nets to include small to medium sized companies. The beauty of this scam for the criminals is that the messages don’t contain malware or suspect links and therefore aren’t picked up by advanced antivirus; they rely on human error. To understand just how major the threat of Business Email Compromise is: in the USA alone, between October 2013 and December 2016, $5.3 billion was stolen due to BEC fraud, versus $1 billion from ransomware fraud in 2016.
The good news is there are things you can do to protect yourself and your business:
- Ensure you have strict procedures in your Accounts Department, i.e. all financial email requests are verified with a phone call or in person, any financial request is cross-checked, and a two-factor authentication process is used, especially for any requests that seem out of the ordinary
- After receiving such an email request, always hover over the email address, or press reply and then check the email address. This is a good way to ensure it hasn’t been spoofed and is from who it says it’s from. Pay particular attention to the spelling, as the address will often look the same but with a typo; if you’re having a busy day this may easily go unnoticed
- Look out for the ‘Subject line’ in emails; the most commonly used word in the subject line is ‘request’, as well as other single words like ‘payment’, ‘transfer’ or ‘urgent’
- Educate your staff by talking to them about this sort of scam; ensure they are aware it exists and reinforce the need to act cautiously around any transactions involving the transfer of funds
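The address and subject-line checks in the tips above can also be run automatically on incoming mail. The following Python sketch is an added example, not part of the original article: the company domain `acme-widgets.example`, the function names and both sample messages are constructed for illustration, and the Reply-To comparison stands in for the "press reply" check.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values: the organisation's own domain, and the subject words from the tips.
TRUSTED_DOMAIN = "acme-widgets.example"
SUBJECT_WORDS = {"request", "payment", "transfer", "urgent"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_flags(raw_message):
    """Return the reasons a message should be verified before any payment."""
    msg = message_from_string(raw_message)
    flags = []
    _, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    domain = from_addr.rpartition("@")[2].lower()
    # Sender domain is a near miss of ours (one or two characters off).
    if 0 < edit_distance(domain, TRUSTED_DOMAIN) <= 2:
        flags.append("lookalike-domain:" + domain)
    # Pressing reply would send the answer somewhere other than the sender.
    if reply_addr and reply_addr.lower() != from_addr.lower():
        flags.append("reply-to-differs:" + reply_addr.lower())
    words = {w.strip(".,:;!?").lower() for w in msg.get("Subject", "").split()}
    hits = sorted(words & SUBJECT_WORDS)
    if hits:
        flags.append("subject-words:" + ",".join(hits))
    return flags

# Constructed sample messages (not real mail).
SPOOFED = (
    "From: Jane Smith <jane.smith@acme-widgetts.example>\n"
    "Reply-To: jane.smith@mailbox.example\n"
    "Subject: Urgent payment request\n\nPlease transfer the funds today.\n"
)
GENUINE = (
    "From: Jane Smith <jane.smith@acme-widgets.example>\n"
    "Subject: Team lunch on Friday\n\nSee you there.\n"
)

if __name__ == "__main__":
    print(bec_flags(SPOOFED), bec_flags(GENUINE))
```

A flag is a prompt for the phone or in-person check from the first tip, not proof of fraud. A message that forges the exact company domain will not trip the look-alike check, which is why the verification procedure still matters.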
Business Email Compromise is a low-cost, high-return scam, which means this type of fraud will rapidly grow. More and more businesses will be affected every day; hopefully these tips will help to ensure you don’t become a victim of cybercrime.
If you would like any help on how to protect your business from the cyber criminals, speak to e-mpower.IT today.
e-mpower.IT are based in Burgess Hill, West Sussex and offer IT support and guidance for small to medium sized businesses in the South East of England.
We are the specialists in handling your IT needs including: antivirus, software, hardware, backup, Cloud services and more.