Any form of compromise when it comes to your company’s assets is a concern, however, the ways a compromised business email could impact the organisation are significant which makes this a particularly threatening form of cyber attack. In this blog, we’ll explore what exactly Business Email Compromise is, how it can impact you and how to best protect yourself and your company.
What is a BEC scam?
You may have heard the term phishing – where a cybercriminal impersonates a legitimate organisation and uses common forms of communication such as email and SMS to link users to a fraudulent website and convince them to share their personal information. A BEC scam is similar in that it uses the reputation of a business to trick unsuspecting victims, however, a BEC scam typically involves breaching a company’s security and sending fraudulent emails from the compromised email account.
Some of the ways these bad actors use these compromised email accounts to reach their means are:
- Sending invoices with edited financial details so the company’s customers transfer payment to the cybercriminal’s account
- Impersonate an employee within the company in a way that will allow payments to be transferred to themselves. A common form of this is by updating the bank details of employees so their salary is redirected to the cyber criminal’s account
- Place an order using a compromised account for expensive goods and have these goods delivered to the cybercriminal instead of the company
The impacts of BEC and other forms of email fraud
The impacts on a business whose email has been compromised and used for malicious purposes can be significant. Not only could the continual fraud be aimed internally, but by redirecting payments to an account not related to the business, there could be financial impacts that may dramatically impact your bottom line. If customers and vendors are involved, this could also damage your brand’s reputation.
How to improve your organisation’s BEC cybersecurity
It’s vital that your business has adequate protections in place to ensure Business Email Compromise doesn’t occur. Some safeguards you can put in place are:
- Multi-factor authentication – The more steps you have in place to access internal applications, the harder it is for them to be breached. Some steps you can include are passwords/PINs, fingerprint scans and physical pass keys
- Regular training sessions for staff – Ensuring your employees know what to look out for, can go a long way to protecting your company assets. Some key things to be aware of are suspicious-looking emails or domain addresses and sudden and unexpected requests for payment or a change of bank account details
The best way to protect your company from cyber threats is by working with an expert team of analysts who can work around the clock to protect you and your business. The team at FraudWatch employ intelligent DMARC and email security strategies to ensure your business stays safe from these types of attacks.
Reach out to FraudWatch today to discuss how we can help your business.