According to the Verizon 2019 Data Breach Investigations Report, 43% of data breaches affect small businesses. Due to their size, small businesses often do not have the resources to focus on cybersecurity, yet they still handle large amounts of business and consumer data. This makes them a prime target for cybercriminals. A cybersecurity or data breach incident can put an affected company out of business.
We’d like to help you.
Consider these 4 areas to help your business become more “cyber-secure”:
Be ready - Strategy and Policies
Be protective - Devices
Be secure - Networks and Online Accounts
Be compliant - Data Privacy
Protect yourself from Business Email Compromise
Business Email Compromise (BEC) is a sophisticated scam in which a cybercriminal sends an email that appears to come from a trusted source. In many types of BEC, the scammers use fraudulent information to trick companies into misdirecting financial transactions into accounts that the scammers control.
BEC continues to trend as a key cyber threat plaguing businesses, accounting for $1.7 billion in losses in 2019.
The 2021 Treasury Fraud & Controls Survey found that 86% of respondents viewed BEC as the most dangerous threat facing their organizations through 2021 and 2022. Clearly, it is a serious problem for companies and will remain so for the foreseeable future.
BEC Tactics Are Tough to Detect
Cybercriminals perpetrate BEC scams using several tactics. They can hack victims’ inboxes and use them to send fraudulent requests for payments. They can forge an email so it appears to come from a legitimate sender (a technique also known as ‘spoofing’). Or they can create a fake email account that is a close facsimile of the legitimate one (e.g., “firstname.lastname@example.org” instead of “email@example.com”) and then send a request in hopes that the recipient isn’t paying close attention. Any of these variations can be tough for victims to detect.
BEC threats also leverage deception and patience. Users may not immediately notice that their account has been compromised, giving cybercriminals time to study the organization and embed themselves into an existing communications flow. They may, for instance, learn the nuances of the CFO’s or CEO’s communications (e.g., their communication style, how they sign their name), then imitate those details so their fraudulent messages appear even more legitimate.
The target of a BEC attack may receive an email that displays the sender’s real name, title, function, the team they work on, corporate branding and their actual (or a very similar) email address, making the message extremely convincing.
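As an added illustration (not part of the original article), the sketch below shows one way a mail-screening step could flag the look-alike addresses and borrowed display names described above. The contact list, addresses, character substitutions and distance threshold are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed allow-list (assumption): contacts the finance team really deals with.
KNOWN_CONTACTS = {
    "jane.doe@acme-supplies.example": "Jane Doe",
    "cfo@ourcompany.example": "Pat Lee",
}
# A few common visual substitutions (assumption, not exhaustive).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(addr):
    """Fold look-alike characters so 'supp1ies' and 'cornpany' match the originals."""
    return addr.lower().replace("rn", "m").translate(CONFUSABLES)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header, max_distance=2):
    """Return (verdict, matched_contact) for the value of a From: header."""
    display, addr = parseaddr(from_header)
    addr = addr.lower()
    if addr in KNOWN_CONTACTS:
        return "known", addr
    # Close facsimile: same skeleton, or only a character or two away.
    for contact in KNOWN_CONTACTS:
        if edit_distance(skeleton(addr), skeleton(contact)) <= max_distance:
            return "lookalike", contact
    # A trusted person's name shown on an address that is not theirs.
    for contact, name in KNOWN_CONTACTS.items():
        if display.strip().lower() == name.lower():
            return "display-name-mismatch", contact
    return "unknown", None

if __name__ == "__main__":
    for header in (  # constructed sample headers
        "Jane Doe <jane.doe@acme-supplies.example>",
        "Jane Doe <jane.doe@acme-supp1ies.example>",
        "Pat Lee <cfo@ourcornpany.example>",
        "Pat Lee <pat.lee.finance@freemail.example>",
    ):
        print(classify_sender(header), header)
```

A "known" verdict only means the address string matches a contact. A forged sender or a hacked inbox, the other two tactics described above, would still pass this check.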
Types of BEC
There are three main types of BEC:
BEC techniques can also be used in conjunction with phishing attacks (malicious emails with the goal of tricking users into exposing sensitive information or interacting with malicious content like malware). A cybercriminal who hacks one user’s inbox may, for instance, exploit their access by sending phishing messages laced with malware to their victim’s contact lists.
Tips to Avoid BEC
So, what can companies and individuals who might be targets for BEC scams do to prevent them? Here are a few important tips to follow:
Suspected BEC attempts should be reported immediately to your financial institution; you should also contact your local FBI field office to report the crime, and file a complaint with the FBI’s Internet Crime Complaint Center (IC3).