In recent years, a highly sophisticated phishing method called Business Email Compromise (BEC) has emerged in the world of cybercrime. According to the FBI, BEC had affected upwards of 22,000 victims and caused almost $3.1 billion in financial losses as of May 2016. The vast majority of these victims were businesses that regularly work with foreign suppliers and/or perform wire transfer payments.
Unlike traditional scam emails, which are typically pretty easy to identify, business email compromise is much harder to detect. That's because the cybercriminals behind these attacks go to great extents to ensure their phony emails won't be met with suspicion by employees. To do so, they learn as much as they can about the organization they are targeting and familiarize themselves with the payment method that is commonly used there. Then, they send an email that seems completely legitimate to an employee requesting that money be wired into an account.
Sometimes criminals will impersonate a vendor, but other times they will hack into the account of a top executive at the company to send the email, thereby giving the employee no reason to doubt the authenticity of the request. That's what makes this phishing scheme so easy to fall victim to, especially if your company does wire transfers on a regular basis. So what can your business do to avoid being the victim of a BEC attack? Here are a few tips from our IT security company in Bucks County:
- Make it company policy for employees to validate all money wiring requests before completing them – Suitable ways to verify a request may include calling or speaking in person with the employee who sent the email or a financial administrator. This step may seem tedious, but it's well worth the extra effort considering it can save your company from losing huge sums of money.
- Advise employees to be aware of emails containing language that a coworker does not typically use – BEC attackers often use phrases such as “kindly” and “I beg.” If even one word in an email seems out of place, have employees double-check that the sender of the email is who they say they are before taking any actions.
- Also be on the lookout for fishy phone calls – If attackers don't succeed in gaining access to email accounts, they will often resort to impersonating company officials or vendors over the phone. With this in mind, your company should establish a policy that information should not be given out until a caller's identity has been proven.
- Amp up your email security – To make it more difficult for unauthorized individuals to hack into the email accounts of company employees, your organization may want to adopt two-factor authentication. This security measure requires an extra piece of private information to be provided in addition to the username and password for an account.
Now that you've learned all about BEC, you're ready to thwart any attacks that may be targeted at your organization.
Alura Can Help Keep Your Network Safe from Threats
Here at Alura Business Solutions, we've made it our mission to help small and mid-sized companies shield their networks from phishing schemes, malware, viruses and all of the other cyberthreats that exist today. When you hire our Bucks County IT security company, you'll receive personalized service that corresponds to the specific needs and goals of your organization.
Interested in learning about our comprehensive security services? Call 844-558-7200 or browse our website now. And while you're at it, don't forget to read up on our tips for keeping customer information secure. We look forward to showing you what makes us the IT security company Bucks County businesses trust!