The dangers of business email compromise for your business

Email is one of the most commonly used business communication platforms today. However, it is also a popular tool for spreading cyberattacks. With emails, cybercriminals can pull off a wide array of scams, one of which is business email compromise (BEC).

What is BEC, and how does it work?

BEC is a type of cyberattack where threat actors pretend to be a legitimate business entity or individual to trick employees into making fraudulent wire transfers.

The scam starts with hackers imitating or compromising the email account of an employee or executive manager. They then send seemingly credible emails that urge the recipient to authorize an emergency wire transfer. The threat actors may even use invoices that look identical to those issued by vendors to appear more legitimate.

BEC attacks are becoming more prevalent because they are relatively easy for cybercriminals to carry out and can be very lucrative. In fact, statistics collected by the FBI’s Internet Crime Complaint Center between June 2016 and December 2021 revealed a total of 241,206 domestic and international incidents. This is equivalent to a total loss of more than $43 billion.

What are the risks of business email compromise?

Aside from the direct financial losses, BEC attacks can hinder business operations, damage reputations, and result in hefty fines. For example, if critical data is stolen, it could prevent employees from doing their job properly, resulting in decreased productivity and lost revenue. In some cases, BEC attacks can even result in permanent data loss.

What are some real-life examples of BEC?

There have been many high-profile BEC attacks in recent years. Here are a few notable examples:

Facebook and Google

Back in 2019, a man was sentenced to five years in jail for stealing $122 million from Facebook and Google. The scammer distributed fake invoices to accounting departments while impersonating a legitimate Taiwanese company. Since neither Facebook nor Google found the request fraudulent, the scammer was able to run away with millions of dollars.


Ubiquiti

In 2020, networking equipment company Ubiquiti was hit with a BEC attack that resulted in a $46.7 million loss. The attacker spoofed the email address of the company’s CEO and sent out fake invoices to the finance department. The victims wired the money to the attacker without realizing that the request was fraudulent.

How can businesses prevent business email compromise?

Here’s what you need to do to protect your business from BEC attacks:

1. Use strong authentication methods

When setting up email accounts, use strong passwords and multifactor authentication (MFA). MFA requires users to provide at least one more authentication factor besides a username and password, such as a one-time code, a physical key, or a fingerprint scan. With MFA enabled, cybercriminals won't be able to access accounts unless they have both the employee's login credentials and the subsequent authentication factors.

2. Train employees on cybersecurity awareness

Educate your employees on the dangers of BEC attacks and what they can do to avoid falling victim to them. For example, they should be aware of how to spot a spoofed email address and be cautious of clicking on links or opening attachments from unknown senders.

3. Deploy security software

Some cybersecurity solutions can help you defend your business against BEC scams. These include:

  • Anti-spam and anti-malware programs: These can prevent BEC emails from landing in your employees’ inboxes. They can also block malware from infecting your systems.
  • DNS authentication platforms: These can determine the legitimacy of an email sent from a certain domain.
  • Anti-impersonation software: These applications block BEC scams by identifying known social engineering techniques used by attackers.
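To make the last two items concrete, here is an added example (not code from this article or from any product it mentions) of the kind of header checks such tools perform before a payment request reaches finance. It assumes the receiving mail server records its DNS-based sender checks in an `Authentication-Results` header; the domain `example.com`, the executive name, and the sample message are constructed.

```python
from email import message_from_string
from email.utils import parseaddr
import re

COMPANY_DOMAIN = "example.com"   # assumption: your organization's mail domain
EXECUTIVES = {"jane doe"}        # assumption: names attackers are likely to impersonate

def domain_of(header_value):
    """Return the lowercase domain of the address in a From/Reply-To header."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def edit_distance(a, b):
    """Levenshtein distance, used to catch lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_indicators(raw_message):
    """Return the reasons a message should be verified out of band before acting on it."""
    msg = message_from_string(raw_message)
    reasons = []
    from_name, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    auth = " ".join(msg.get_all("Authentication-Results") or []).lower()

    if not re.search(r"\bdmarc=pass\b", auth):
        reasons.append("dmarc-not-passed")            # sender domain failed DNS authentication
    if reply_dom and reply_dom != from_dom:
        reasons.append("reply-to-domain-mismatch")    # replies go somewhere else
    if 0 < edit_distance(from_dom, COMPANY_DOMAIN) <= 2:
        reasons.append("lookalike-domain")            # near miss of your own domain
    if from_name.lower() in EXECUTIVES and from_dom != COMPANY_DOMAIN:
        reasons.append("executive-name-from-external-domain")
    return reasons

# Constructed sample message (not real traffic)
SAMPLE = """\
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=examp1e.com; dmarc=fail header.from=examp1e.com
From: Jane Doe <jane.doe@examp1e.com>
Reply-To: jane.doe@freemail.test
Subject: Urgent wire transfer

Please process the attached invoice today.
"""
```

Calling `bec_indicators(SAMPLE)` returns all four reasons, while a message from the company's own domain that passes DMARC returns an empty list.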

4. Seek the help of a managed IT services provider (MSP)

To ensure that your business gets the best protection from BEC scams and other similar attacks, you can partner with a reliable MSP like Founders Technology Group. We can monitor incoming messages 24/7/365 and prevent malicious ones from landing in your employees’ inboxes. Book your complimentary consultation with us today.