What Is Business Email Compromise (BEC)?
Business Email Compromise (BEC), also known as email account compromise (EAC), is a sophisticated scam that targets both businesses and individuals who perform legitimate transfer-of-funds requests. The goal of BEC is to trick businesses into making unwarranted wire transfers to accounts controlled by cybercriminals. These scams have been reported in all 50 U.S. states and 177 countries with losses exceeding $1.8 billion per year, according to the FBI’s Internet Crime Complaint Center.
The critical element of business email compromise scams is their reliance on deception rather than hacking or technical intrusion methods. Cybercriminals use social engineering techniques to impersonate executives or employees within an organization, usually through email. They manipulate victims into performing actions or divulging confidential information, often leading to significant financial losses.
Understanding BEC can help businesses take proactive steps to protect themselves against this increasingly common and costly form of cybercrime. Awareness of what constitutes a BEC attack, the various tactics used by cybercriminals, and the common signs of an attack can provide an essential first line of defense.
Common Scenarios and Tactics Used in BEC Schemes
Impersonation of High-Level Executives
One of the most common tactics used in BEC scams is the impersonation of high-level executives. Cybercriminals often pose as CEOs or other senior executives to trick employees into believing their requests for fund transfers or sensitive information are legitimate. This tactic exploits the inherent authority of these positions and the likelihood that employees will comply without question.
The scam usually involves a seemingly urgent request for a wire transfer or other action that bypasses regular procedures. The cybercriminals often claim that they are unavailable to discuss the request due to being in a meeting or on a business trip. This tactic is designed to pressure the victim into acting quickly and without the usual checks and balances.
Account Compromise
Another common tactic used in BEC scams is account compromise. This involves cybercriminals gaining unauthorized access to an executive’s email account. They then use this account to send fraudulent requests for funds transfers to employees within the company. The use of a genuine email account can make these requests appear more legitimate and harder for employees to identify as fraudulent.
This tactic can be particularly damaging as it not only results in financial loss but can also lead to the exposure of sensitive company information. Once the cybercriminals have access to an executive’s email account, they have access to all the information contained within it, potentially including confidential company data.
False Invoice Scheme
The false invoice scheme is another common BEC scam. In this scenario, cybercriminals pose as vendors or suppliers and send fake invoices to companies. These invoices often look identical to genuine ones, making them difficult to spot.
These fraudulent invoices are typically sent to companies that have established relationships with the vendor being impersonated. This makes it more likely that the company will pay the invoice without questioning its authenticity. The money is then transferred to an account controlled by the cybercriminals rather than the genuine vendor.
Attorney Impersonation
In the attorney impersonation scheme, cybercriminals pose as lawyers or representatives of law firms. They contact businesses, usually via email, claiming to be handling confidential or time-sensitive matters. This could be anything from a supposed legal dispute to an acquisition or merger.
This tactic relies on the sense of urgency and confidentiality often associated with legal matters to trick businesses into acting quickly and without the usual checks. The cybercriminals then request a funds transfer to an account they control, supposedly to cover legal fees or other costs associated with the matter.
Common Signs of a BEC Attack
Being able to identify the common signs of a BEC attack can help businesses protect themselves against this type of cybercrime.
Unexpected Email Requests for Money Transfers
One of the most common signs of a BEC attack is an unexpected email request for a money transfer. This could be a request from a supposed executive or an email from a vendor containing an invoice for payment. Often these requests will be urgent and bypass regular procedures.
If you receive an unexpected email request for a money transfer, it’s essential to verify the request through another channel. This could involve calling the supposed sender or using a previously established email address to confirm the request.
Changes in Banking Details
Another common sign of a BEC attack is a change in banking details. Cybercriminals often use BEC scams to trick businesses into transferring money to accounts they control. This often involves sending an email posing as a vendor or supplier and claiming that their banking details have changed.
If you receive an email requesting a change in banking details, it’s essential to verify this through another channel. This could involve calling the supposed sender or using a previously established email address to confirm the change.
Emails with a Sense of Urgency or Confidentiality
Another common sign of a BEC attack is an email that creates a sense of urgency or confidentiality. These emails might ask for immediate action, such as a wire transfer to a new account or providing sensitive information, like passwords or client data. The message may also urge the recipient to keep the request confidential or to bypass normal procedures, which makes it harder to verify its legitimacy.
Scammers often manipulate their victims by exploiting their sense of responsibility or fear of disappointing a superior. It’s important to remember that no matter how urgent a request seems, every email request, especially one involving a financial transaction or sensitive information, should be verified.
Unusual Sender Email Addresses
Another common sign of a BEC attack is an unusual sender email address. The email might appear to come from a high-ranking official in the organization, but upon closer inspection, the email address might be slightly different from the official email address. Cybercriminals often use email addresses that closely resemble the official ones, with slight variations or misspellings that are easy to overlook.
It’s crucial to always double-check the sender’s email address, especially if the email contains unusual requests or instructions. If something seems off, contact the supposed sender through another means of communication to confirm the email’s legitimacy.
Poor Grammar and Spelling
While some BEC attacks are sophisticated and well-executed, many still contain poor grammar and spelling. These errors can be a clear sign that the email is a scam. Professional emails, especially those from high-ranking officials, are typically well-written and proofread.
Keep an eye out for awkward phrasing, unusual language, or excessive typos. These could be indicators that the email is not from who it claims to be.
Best Practices to Protect Your Business
Now that we’ve covered the common signs of a BEC attack, let’s move on to the best practices you can implement to protect your business from such attacks.
Employee Training and Awareness
First and foremost, it’s essential to ensure that your employees are well-educated about BEC attacks and other cybersecurity threats. Employee training and awareness programs can help your staff recognize and respond appropriately to suspicious emails.
Training should include information about the common signs of a BEC attack, as well as strategies for verifying the legitimacy of an email. It’s equally important to foster a culture of cybersecurity where employees feel comfortable reporting suspicious activity without fear of retribution.
Implementing Advanced Email Security Solutions
In addition to employee training, implementing advanced email security solutions is another effective way to protect your business from BEC attacks. These solutions can help detect and block suspicious emails before they reach your employees’ inboxes.
Look for solutions that offer features like email authentication, spam filtering, and phishing detection. These tools can significantly reduce the risk of a successful BEC attack by identifying and blocking suspicious emails.
Establishing Protocols for Verifying Financial Transactions and Sensitive Requests
Establishing protocols for verifying financial transactions and sensitive requests made via email is another important step in protecting your business from BEC attacks. These protocols should require multiple levels of approval for financial transactions or sensitive requests.
For example, if an email requests a wire transfer, the recipient should be required to verify the request with the supposed sender through a different communication channel, like a phone call or face-to-face meeting. This extra step can help prevent fraudulent transactions and protect your business’s financial resources.
Regularly Updating and Patching Software to Protect Against Vulnerabilities
Finally, regularly updating and patching your software is crucial in protecting against BEC attacks and other cybersecurity threats. Cybercriminals often exploit known software vulnerabilities to gain access to your systems and data.
Ensure that all of your software, including your operating system, antivirus software, and other applications, is regularly updated and patched. This will help protect your systems from known vulnerabilities and reduce the risk of a successful BEC attack.
In conclusion, Business Email Compromise is a significant threat to businesses, but with awareness, training, and the right security measures, it’s a threat that can be effectively managed. Remember, protecting your business from cyber threats is not a one-time task but an ongoing process that requires vigilance and proactive measures.