<img src="https://ws.zoominfo.com/pixel/PMY3ZvbpZt27ywWwZSBB" width="1" height="1" style="display: none;">


Remote Employees and Network Security

Working from home is not going anywhere. In fact, research shows that post-pandemic 42% of employees who worked strictly from a company-based location will not return to the office. Do you know how this will impact your business? Learn more about the tools needed to protect your client data and improve employee productivity.

business email compromise

Business Email Compromise and Why You Should Be Worried

Corey Skrede
3 min read
Nov 16, 2022 3:30:45 PM
This post covers:Your Business. Secure. | Managed IT

Learn how to protect your business

Business email compromise (BEC) is one of the most financially damaging online crimes and it’s on the rise. They are sophisticated schemes, and even the most astute have fallen victim. Here is what you need to know and how you can protect your organization.

What is business email compromise and how does it work?

It’s a cyberattack designed to gain access to critical business information or extract money through email fraud. When there is a BEC attack, a bad actor gains access to an email that belongs to an employee. After the email is compromised, the hacker can monitor all email communications, send emails, and delete emails without the victim’s knowledge. When the bad actor sends an email, it appears as though it’s coming from a trusted source. These emails are typically an attempt to convince victims to reveal critical business information or process a payment request. Companies that use wire transfers, foreign suppliers, and other invoice transactions are frequent targets of BEC attacks.

Business email compromise is on the rise

A BEC attack leads to losses that can impact both your finances and your reputation. Once you have suffered a BEC attack, the impact can be catastrophic for your present and future revenue while also damaging your brand and business relationships. Both small businesses and large corporations have fallen victim to BEC attacks.

The U.S. Federal Bureau of Investigation Internet Crime Complaint Center (FBI IC3) issued a public service announcement earlier this year. In it, they stated between July 2019 and December 2021, there was a 65% increase in identified exposed losses with BEC attacks, which includes both actual and attempted losses in the United States. The total number of domestic and international incidents for that time was 241,206 and over $43 billion dollars in exposed dollar loss. It was the number one reported scam in money loss nationally for 2021. BEC scams have been reported in all 50 states and 177 countries.

Additionally, the FBI IC3 reported this year receiving an increase in BEC complaints involving the use of virtual meeting platforms. With the increase in remote work from 2019 through 2021, criminals began using virtual meeting platforms and collaboration tools to conduct more BEC-related scams.

What does a BEC attack look like?

Here is an example of what a traditional BEC attack might look like:

A hacker obtains access to an email account that belongs to you or your vendor. The hacker logs into the compromised email, monitors communications, and quietly waits for the right time. When a potentially large invoice is due, the hacker creates and registers a very similar domain to the one expecting payment. With this new domain, the hacker impersonates the vendor and requests a payment method change. The slight change in vendor name isn’t noticed, and the new payment information is provided unknowingly to the hacker.

Here is an example of what a BEC virtual meeting attack might look like:

A hacker compromises a CFO or CEO’s email and requests an employee participate in a virtual meeting platform. There, the cybercriminal will insert a still picture of the CFO or CEO with either no audio (and claim their audio and video aren’t working well) or deep fake audio. They then instruct an employee via the chat platform or in a follow-up email to initiate a transfer of funds. The victim trusts the source and completes the fund transfer.

How to protect your organization from business email compromise

You don’t want either of those scenarios to happen to your business. There are some key cybersecurity measures to incorporate into your organization to help prevent a BEC attack.

  • Multi-Factor Authentication (MFA). Multifactor authentication is a process that requires a 2nd form of authentication when a user tries to log into an email system or other system.
  • Password Manager. Use a password management solution with a convenient password generator to uniquely configure your passwords automatically.
  • Security Education and Awareness Training. It is essential to educate your staff on how to identify phishing and wire fraud. Your employees should complete essential security awareness and education training on a scheduled basis.
  • Cybersecurity Monitoring. Modern cybersecurity monitoring solutions will detect compromises in your company accounts by monitoring login activity and the geographic location of users.
  • Dark Web Monitoring. Your business should be monitored for any information that may exist on the dark web and action needs to be taken if passwords or other breaches are found.

You need to be always on your toes to protect your organization from business email compromise. The most effective way to protect your organization from a BEC attack is to make sure it never reaches your employees. As a Managed Security Service Provider (MSSP), the team at Locknet® Managed IT are experts in these cybersecurity measures and more. We can help you improve your security position, so you don’t become part of the startling business email compromise statistics.



Subscribe by Email