In 2021, the most expensive cybercrime was business email compromise scams. Learn how to protect your business from them.
- Scams involving business email compromise are internet crimes in which the perpetrator pretends to be someone the victim trusts, like a company executive.
- You can prevent this cyberattack by taking proactive measures as a business owner.
- If your company is already compromised, you can take steps to reduce the damage.
- This article is for those business owners interested in learning about email scams that target businesses and how they can be prevented or combated.
According to a recent Federal Bureau of Investigation report, cybercrime is continuing to increase in cost and scope. The FBI’s Internet Crime Complaint Center, IC3, released its 2021 Crime Report in March 2022. It revealed an increase of 7% from the previous year. The FBI reported that the potential loss of $ 6.9 billion increased by 64% during the same period.
While certain types of online crime have declined in recent years, the BEC scam has increased in terms of the number of victims and total loss. BEC scams could have caused $2.4 billion of potential losses by 2021.
Businesses can take steps to avoid BEC scams. This primer will help you to avoid becoming a victim of BEC scams. It will also explain how to prevent them and what to do if your business has been targeted.
What is a business email compromise scam?
A business email compromise is a scam that uses social engineering to trick a victim into believing or acting in a particular way. BEC scams are a type of crime that rely on social engineering – tricking a victim into thinking and working a certain way.
The FBI has identified five types of BEC scams. However, all kinds rely on the fraudster being able to access legitimate business email addresses. The scams can also use fake email accounts that look legitimate, a technique called “spoofing.”
For example, a cyber attacker in a BEC scheme may compromise an official’s account on the company website and send an urgent email to accounting late Friday afternoon. In the email, it may be demanded that the accountant wire money to a third-party business partner immediately to finish a project on schedule. Fraudsters control the account provided. However, an employee unaware of the scam may transfer money to the report.
In a new twist on the BEC scam, it said that it had observed fraudsters using online meeting platforms to carry out BEC schemes. In this attack variant, fraudsters would compromise an employee’s credentials for an online meeting before inviting them to a video conference. The fraudster will claim audio and video connection problems before requesting wire transfer instructions. BEC scams were a part of the business frauds that grew during the COVID-19 pandemic when people began working from home.
How can I protect my business emails from being compromised?
It can be hard to defend against business email compromise scams since they are based on human psychology, not technical vulnerabilities. It means that most security measures for computers, devices, and systems are ineffective against BEC scams.
- Understanding the threat is critical. Awareness is the first step in a good defense. You can learn how to recognize common BEC tactics and scenarios, like emails that have a tone of urgency or impersonating a trusted executive or vendor. Check the domain name of an email, and wait to click on a link until you are sure it is a safe, authentic site.
- Educate your employees. Senior executives and IT staff must be educated on BEC scams. All employees should be trained on identifying BEC attacks and what they can do if they feel they are being targeted. You can even send periodic phishing tests to see if they recognize it.
- Strengthening your IT department Consider hiring a cybersecurity professional or funding cybersecurity training for interested IT employees. Many certifications provide education about BEC scams and how businesses can protect themselves against them.
- Secure your email accounts. BEC scams are based on social engineering. However, they can begin with the fraudster taking control of an email account. For each statement, require your employees to use unique and strong passwords. Secure your email accounts and company devices using commands such as two-factor authentication or virtual private networks. The FBI recommends that you enable alerts when a foreign user logs in.
- Overhaul your payment processes. BEC scams rely on tricking a single employee into sending a wire transfer. This risk can be reduced by adding redundancies to the payment transfer process. Create a protocol to approve payments, which requires a second employee, or an executive, to verify and endorse each money transfer. It is also essential to require that employees confirm all money transfers via a second communication medium, such as a phone call or chatting in person.
- Create contingency planning. It would help if you had a plan for the worst-case scenario. This plan should include concrete steps and list who is responsible for contacting the FBI and your company’s financial institution.