We all know not to download attachments in emails from strangers. The problem is that hackers know we know better and are finding new ways to cause trouble. The newest trick is called Business Email Compromise (BEC). Here’s how it works:
The attacker will target vulnerable inboxes and gain access to company email addresses. Then they will send an email impersonating a high-ranking company official, often the CEO, from the compromised company email address. This email will be marked urgent and request an immediate transfer of funds to a bank account owned by the attacker.
While this technique is still relatively new, it has already affected more than 8,000 businesses, with almost $8 million stolen. The latest FBI statistics indicate the average loss from a BEC attack is around $130,000.
So, how can businesses prevent a BEC attack? Follow these steps.
Employee Education – Make your employees aware of this new phishing scam. Let them know it’s okay to be skeptical of emails, and create a protocol for employees to follow in these situations.
Double Check Security – Is your IT department taking the right steps to filter spam emails out of your employees’ inboxes? There are ways you can be alerted when an email comes from outside your network. This can flag suspicious emails so employees aren’t fooled by an email’s prefix or domain.
Create Standard Protocol – Using a two-step verification process for all wire transfers can be a great defense against BEC attacks. This should be used for all unusual charges from vendors as well as internal requests. Any time a single employee is asked to take immediate action, it should raise a flag. Accounting employees should be the focus of these protocols and procedures.
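One way to implement the alert described under "Double Check Security", as an added example that is not part of the original article: a Python check that tags mail from outside the network and flags an executive's display name or a look-alike domain on an outside address. The internal domain, the executive name and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration; replace with your own.
INTERNAL_DOMAINS = {"example.com"}
EXECUTIVE_NAMES = {"jane doe"}  # hypothetical CEO display name

def _edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_flags(raw_message):
    """Return a sorted list of warning flags for one raw email message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    flags = set()
    if domain not in INTERNAL_DOMAINS:
        flags.add("EXTERNAL")
        # An executive's display name in front of an outside address.
        if name.strip().lower() in EXECUTIVE_NAMES:
            flags.add("EXEC_NAME_ON_EXTERNAL_ADDRESS")
        # A domain one or two characters away from an internal one.
        if any(0 < _edit_distance(domain, d) <= 2 for d in INTERNAL_DOMAINS):
            flags.add("LOOKALIKE_DOMAIN")
    return sorted(flags)

SAMPLES = {  # constructed messages, not real mail
    "internal": "From: Jane Doe <jane.doe@example.com>\nSubject: Q3 report\n\nhi",
    "lookalike": 'From: "Jane Doe" <jane.doe@examp1e.com>\n'
                 "Subject: URGENT wire transfer\n\nplease pay today",
    "vendor": "From: Billing <billing@vendor.test>\nSubject: Invoice\n\nattached",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, bec_flags(raw))
```

A tag like this does not catch a request sent from a genuinely compromised internal mailbox, so the two-step verification for wire transfers still applies.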
The two most important things in business are your bottom line and your data. Protect both by securing your email against BEC attacks.