Cybercriminals are becoming extremely skilled at business email compromise (BEC) – sometimes referred to as CEO Fraud – making it crucial that your employees are aware of how to detect and avoid email fraud. BEC by definition is a highly sophisticated scam targeting businesses which work with foreign suppliers or businesses for whom wire transfers are commonplace.
Most often, scammers will imitate the CEO of a company, hacking their email and spending months studying their interactions with employees. Hackers will take advantage of bosses who rule with a heavy hand, so to speak, as employees are more likely to fulfill requests from this type of CEO with haste. Other times the scammer will impersonate a foreign vendor you frequently do business with.
These black hat hackers will also go as far as to register domains which are nearly identical to your corporate domain or that of a vendor you work with. When as few as two letters are switched – a technique known as typosquatting – our brains naturally unscramble the word without our even realizing it. Using social engineering tactics, they craft emails so believable that even the highest level of finance and human resources executives are falling victim to the scam. In fact, the FBI released statements last year which reported that cybercriminals had scammed $3.1 billion from 22,000 victims in at least 79 countries through business email compromise from October 2013 through February 2016.
The single most effective tactic you can implement to avoid BEC is to continuously train all employees to be able to detect email fraud. An organization’s employees are its greatest weakness when it comes to cybersecurity. Any emails regarding financial transactions should be taken very seriously. Fraudulent emails will often create a sense of urgency, so the words urgent, payment, and request should be seen as red flags. Following up with a phone call to confirm legitimacy could save your company millions and avoid a tarnished reputation.
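The two checks described above (a sender domain that is a near-miss of a trusted one, and the red-flag words) can also be automated as a mail triage step. The following is an added example, not part of the original article; the trusted domains, the distance threshold of 2 and the sample message are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAINS = {"example.com", "vendor-example.net"}  # assumed allow-list
RED_FLAG_WORDS = {"urgent", "payment", "request"}        # words named in the text

def osa_distance(a: str, b: str) -> int:
    """Edit distance that counts a swap of two adjacent letters as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # two letters switched
    return d[len(a)][len(b)]

def triage(raw_email: str, max_distance: int = 2) -> dict:
    """Report a lookalike sender domain and red-flag words for one message."""
    msg = message_from_string(raw_email)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    imitates = None
    if domain and domain not in TRUSTED_DOMAINS:
        for trusted in sorted(TRUSTED_DOMAINS):
            if osa_distance(domain, trusted) <= max_distance:
                imitates = trusted  # close to, but not exactly, a trusted domain
                break
    body = "" if msg.is_multipart() else msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    red_flags = sorted(w for w in RED_FLAG_WORDS if w in text)
    return {"sender_domain": domain, "imitates": imitates, "red_flags": red_flags,
            "verify_by_phone": bool(imitates or red_flags)}

# Constructed sample: "exmaple.com" switches two letters of "example.com".
SAMPLE = """From: "CEO" <ceo@exmaple.com>
Subject: Urgent wire request

Please process this payment today.
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A hit on either check is a prompt for the confirmation phone call, not proof of fraud; legitimate mail also uses these words.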