Sometimes the worst scams out there are the simplest ones. Hackers don’t need a fancy or complicated malware or algorithm to create chaos for your organization; all they have to do is convince you that the email you’ve received in your inbox is from someone of authority within your business. Let’s go over how a business email compromise is pulled off and why you need to be wary of threats like these.
What is Business Email Compromise?
Unlike other threats out there, business email compromise, or BEC for short, does not require incredible technical skills to pull off, making it a dangerous prospect indeed. BEC is when a hacker or scammer convinces the user that they are someone within the organization—usually an authority figure or executive—and asks them to transfer funds for a variety of reasons. You wouldn’t believe it, but this kind of request actually works.
After all, nobody likes to turn down a request for help from the boss, right?
According to the FBI, BEC has cost businesses upwards of $43 billion, and this number is growing larger by the day. Furthermore, companies in at least 177 countries have been reported.
How Does BEC Work?
Really, all it takes is for a hacker to do a little bit of research into the organization, determine who they can feasibly impersonate through email, spoof that email account, and contact employees within the organization using that spoofed email address. These types of social engineering attacks are uncomplicated and can pay off in spades if the hacker can manage to pull them off.
Other types of BEC are more dangerous and difficult but are equally lucrative, if not more so. Hackers can break into the actual email account of the executive or employee and keep watch over their inbox to look for legitimate purchases that need to be fulfilled. This combination makes for a dangerous and convincing request, and an eager employee might not think twice before fulfilling the hacker’s request.
What Can You Do About It?
We always like to recommend that you implement the best and brightest email security solutions out there, as well as multi-factor authentication to ensure that anyone who logs into your business-critical applications is who they say they are. Ultimately, however, who falls for business email compromise attacks will largely depend on how well you have trained your staff to identify and respond to these types of attacks. Security training should not be a one-and-done deal; you need to provide comprehensive training during the onboarding process while also providing periodic refreshers to keep security at the top of your team’s mind.
Wolk9IT can equip your business with the comprehensive security tools to keep themselves safe, as well as the training needed to identify these types of hacks before they accidentally allow a hacker to make off with your business’ hard-earned capital. To learn more about what we can do for your business, reach out to us at (646) 741-1166.