The growing threat of business email compromise (BEC), and what you can do about it
BEC is a scam in which hackers target companies that pay their bills through wire transfers. Typically, scammers will impersonate C-suite employees and leverage social engineering techniques to route funds to themselves, resulting in hundreds of thousands in losses. In 2016, the global average for costs faced by a single company was $140,000.
Below are the 5 most common forms of BEC fraud, according to the FBI:
- The Bogus Invoice- Fraudsters pose as vendors requesting payments to accounts that are owned by them. Such an incident is most common among companies who deal with foreign suppliers.
- CEO Fraud- As the name implies, cyber criminals will assume the role of an executive and request fund transfers from their finance teams.
- Account Compromise- In this scenario, employee accounts are hacked and leveraged to request invoice payments from vendors.
- Attorney Impersonation- Attackers pretend to be lawyers in charge of confidential information and will ask for unusual requests via phone or email. This form of BEC tends to occur toward the end of a business day.
- Data Theft- Hackers will go after HR and finance employees to gain PII and tax statements of employees, which can be used for future attacks.
What makes BEC so dangerous is that such scams can circumvent traditional security solutions, since they do not contain any malicious links or attachments that can be identified. Some immediate security flags for such tactics are words like ‘request, payment, transfer, or urgent’ in an email subject line, but employee cybersecurity training and awareness remains the most effective solution to preventing BEC.
Post a Comment