Email scams such as phishing may not seem as sophisticated as ransomware, but the threat they pose to businesses should in no way be underestimated. According to studies, 90% of data breaches in 2021 resulted from phishing attacks. But data breaches shouldn't be your only cause for worry. A more advanced type of phishing, called a business email compromise (BEC) scam, may actually cause more severe financial losses for your business than any other cyberthreat can.
What are BEC scams?
Unlike conventional phishing email scams that are sent to as many potential victims as possible, BEC scams are meant for specific targets. This makes them similar to spear phishing, another advanced type of phishing. The difference is in the scammers' goal; spear phishing is usually meant to purloin sensitive data, while BEC scams are designed to steal their victims' money. This is why BEC scams usually target managers, C-level officers, finance personnel, or anyone in the company who can perform or authorize wire transfers.
To increase the attack's chances of success, BEC scammers carefully research their intended victims beforehand. They may then use a stolen or spoofed email address to imitate the victim's client, superior, colleague, or vendor, instructing the target to transfer money to a specified bank account. Sometimes, they may also use falsified invoices and other documents to make their ruse more believable.
Data from the FBI reveals a grim picture of just how dangerous BEC scams can be. Organizations in the United States lost $2.4 billion in 2021 alone, a 30% increase from losses in 2020. What's more, this scam has caused businesses across the globe financial losses amounting to $43 billion between 2016 and 2021, making it the costliest cyberthreat of all.
How can you prevent BEC scams from hitting your business?
You can minimize the risk of a BEC scam affecting your business in the following ways:
Secure your online accounts
You can prevent a BEC attack by stopping cybercriminals from hacking into or stealing your email and other online accounts. Do this by encouraging your team to follow password best practices, such as using unique and complex passwords. You can also implement multifactor authentication (MFA), which requires users to submit several proofs of identity before they are allowed to access their account. MFA makes it hard for cybercriminals to hack into online accounts even if they were to succeed in stealing your employees' passwords.
Limit money transfers
Make sure that there are only one or two people in your organization who can authorize money transfers. These individuals must also be trained in detecting BEC and other types of money-related scams.
Examine the sender's email address
If you receive an email requesting money, double-check the sender's email address for signs of spoofing. A spoofed email address is one that imitates a legitimate address. Among its telltale signs are suspicious characters and spelling variations, especially in its extension. For example, if "email@example.com" were the legitimate address, the spoofed version could be "firstname.lastname@example.org."
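Part of this check can be automated at the mail gateway or in a triage script. The following Python is an added example, not part of the original article; the allowlist, function names, verdict labels and sample addresses are constructed for illustration. It compares the sender's domain against domains you actually do business with and flags extension swaps, near-miss spellings, and non-ASCII or punycode characters.

```python
from email.utils import parseaddr

# Constructed allowlist: domains the finance team really does business with.
TRUSTED = {"example.com", "vendor-payments.example"}

def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def split_domain(domain):
    """Naive split into (name, extension) at the last dot; ignores multi-part TLDs."""
    name, _, ext = domain.rpartition(".")
    return name, ext

def check_sender(from_header, trusted=TRUSTED):
    """Return (verdict, matched_trusted_domain_or_None) for a From: header value."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("unparseable", None)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if domain in trusted:
        return ("trusted", domain)
    # Non-ASCII letters or punycode labels can render like a familiar name.
    if not domain.isascii() or any(p.startswith("xn--") for p in domain.split(".")):
        return ("suspicious-characters", None)
    name, ext = split_domain(domain)
    for good in sorted(trusted):
        good_name, good_ext = split_domain(good)
        if name == good_name and ext != good_ext:
            return ("extension-swap", good)       # e.g. .org instead of .com
        if 0 < edit_distance(domain, good) <= 2:
            return ("spelling-variation", good)   # e.g. "1" for "l", "rn" for "m"
    return ("unknown", None)
```

A "trusted" verdict only means the domain matches; it cannot tell whether a genuine account has been stolen, so money requests still need confirmation through a channel other than email.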
Get to know the people you usually communicate with
Familiarize yourself with the way your clients and colleagues write their emails. When you receive an email from them asking for money, make sure to examine their message closely. If you find words and phrases in the email that they normally wouldn't use, then it's safe to assume the message is fake.
Always verify money transfer requests
Make it a rule that all money transfer requests be confirmed with their supposed senders using methods besides email. Phone and video calls are among the best ways to do this as you can actually talk to the other person in real time.
Train your staff
BEC and other email scams can happen to anyone in your team, so make sure your employees are trained to handle these cyberthreats. You can conduct cybersecurity awareness training with the help of IT experts from [company_short] to educate your staff on cybersecurity threats and best practices. These cover identifying, avoiding, and reporting email scams, good online behavior, and proper methods to secure online accounts.
BEC scams are severe threats to your business that you need to take seriously. If you partner with [company_short], we can help augment your business's defenses against email scams and other cyberthreats, protecting you from financial losses caused by cyber incidents. Make your business more resistant to cyberthreats by contacting our IT experts today.