No doubt you’re familiar with the ‘Nigerian Prince’ scam that became ubiquitous in the 1990s. Email scams have been around for as long as email addresses have existed, but now they’re getting much more sophisticated. In fact, they are among the most damaging and expensive types of cyberattack, costing businesses billions and billions of dollars each year.
Business email compromise (BEC) is a type of online scam in which criminals impersonate an executive or client within the company, or a lawyer, to trick others in the organisation into divulging sensitive information or making financial transfers. The rogue email message typically comes from a previously hacked email address or parody account, and it can look highly convincing. The criminals may go so far as to copy the business logo, use similar names, or use near-identical domains.
How do hackers get away with online scams?
What makes Business Email Compromise such a successful attack is that we rely on email to conduct business, both professionally and personally. Furthermore, the attackers exploit trusted relationships between individuals. Finally, BEC attacks try to replicate routine workflows to get victims to just ‘do’ before thinking it through.
If you don’t know the signs to look out for, you could easily be duped. Read on to familiarise yourself with the different types of BEC scams, and how to avoid becoming a victim.
The different types of BEC online scams
Scammers infiltrate companies using malware, and then gain access to authentic email threads that discuss billing and invoices. Posing as an executive in the company, the scammer uses that same information to request payments, and the accountants or financial officers are none the wiser as they dutifully send the money through to a fake account.
Taking advantage of power dynamics within a company, the scammer sends an email supposedly from the CEO, asking the recipient to buy gift cards and send the card number details on the promise that the recipient will be reimbursed. The request is usually pushed with a sense of urgency from the “CEO”.
Not all BEC attacks are designed to steal money from a company. Data theft attacks target HR and Finance in an attempt to steal sensitive information about employees. This information (think birth date and home address) can be sold on the Dark Web or used in future attacks.
Impersonating a lawyer
Scammers pose as a legal representative and target subordinate employees who may not have the awareness or experience to ask about the validity of an urgent request.
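The warning signs described above (a near-identical sender domain, an executive's name on an outside address, urgency and gift-card or payment requests) can be checked automatically on inbound mail. The following Python sketch is an added example, not FraudWatch code; the organisation domain, executive name, keyword list and sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration only (not from the article).
ORG_DOMAIN = "example-corp.com"
EXECUTIVES = {"jane doe"}
PRESSURE_TERMS = ("urgent", "immediately", "gift card", "wire transfer")

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-identical domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_signals(raw_message):
    """Return the BEC warning signs found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    text = (msg.get("Subject", "") + " " + str(msg.get_payload())).lower()

    signals = []
    # One or two character changes from our own domain, but not our domain.
    if domain != ORG_DOMAIN and edit_distance(domain, ORG_DOMAIN) <= 2:
        signals.append("lookalike_domain")
    # An executive's display name on an address outside the organisation.
    if display.lower() in EXECUTIVES and domain != ORG_DOMAIN:
        signals.append("executive_name_external_sender")
    if any(term in text for term in PRESSURE_TERMS):
        signals.append("pressure_or_payment_language")
    return signals

# Constructed sample messages.
SUSPICIOUS = """From: Jane Doe <jane.doe@examp1e-corp.com>
Subject: Urgent request

I need you to buy gift cards immediately and send me the card numbers.
"""
LEGITIMATE = """From: Jane Doe <jane.doe@example-corp.com>
Subject: Agenda for Thursday

Attached is the agenda for the board meeting.
"""

if __name__ == "__main__":
    print(bec_signals(SUSPICIOUS))
    print(bec_signals(LEGITIMATE))
```

A message that raises several signals at once is a candidate for a warning banner or a hold for manual review rather than automatic rejection, since keyword matches alone produce false positives.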
Harden your defences against the threat of Business Email Compromise with FraudWatch
Be vigilant against phishing – and educate employees – and your business won’t fall victim. There are some ways to protect yourself from potential attacks, such as:
- Being wary of the sender who is pressuring you to act quickly.
- Being careful with the type of information you share online or on social media. Sharing pet names, schools you attended or even your birthday can give a scammer all the information they need to answer your security questions correctly.
- Not clicking on links in an email from an account you don’t recognise that asks you to update or verify your account information.
- Never opening an email attachment from a sender you don’t know.
- Using multi-factor authentication.
But sometimes, these small actions aren’t enough. Don’t get caught out: secure your emails with fully managed cybersecurity fraud detection and takedown of threats with FraudWatch.
Operating 24 hours a day, 7 days a week, our expert analysts are dedicated to tracking and removing phishing and malware sites that could potentially destroy your business. Contact us today for a demonstration of our DMARC services that will protect your most important asset: your brand.