Email has become one of the most widely used methods of business communication. Almost all industries—from retail to IT, music to agriculture, real estate to construction—use email for business. The downside is that email is also one of the root causes of cybercrimes such as business email compromise (BEC) attacks.
BEC is a common issue for small and large businesses, costing them billions of dollars over the years. So what are BEC scams? And how can you stop opportunistic cybercriminals in their tracks?
What Is Business Email Compromise?
Business email compromise (also known as a man-in-the-email attack) is a scam in which a cybercriminal obtains access to a business email account and impersonates the owner in order to gain access to critical business information or defraud the company and its partners, employees, and customers.
BEC attacks are difficult to prevent as the emails do not have some of the hallmarks of other types of phishing attacks. For instance, in many cases, BEC attacks don’t contain malicious URLs or attachments, making it hard for standard security tools like spam link checkers to detect them. But they are not impossible to prepare for and prevent.
How to Prevent Business Email Compromise Attacks
The best way to combat email scams is to prevent them in the first place. Follow these tips and best practices to protect yourself from BEC attacks.
1. Set Up Two-Factor or Multi-Factor Authentication for All Company Email Accounts
Multi-Factor Authentication (MFA) and Two-Factor Authentication (2FA) are cybersecurity solutions that add an extra layer of protection on top of passwords. This makes it difficult for attackers to hack email accounts and use them to execute BEC attacks.
MFA requires that attackers have something else (an authentication app, key, or phone) in their possession to access your email. At the very least, enable MFA for high-risk employees, including payroll clerks, C-level executives, and admins.
Calling trusted numbers to confirm urgent requests before transferring funds to a familiar vendor can also be part of two-factor authentication.
2. Train Employees to Recognize BEC Attacks
While employees are an organization’s most valuable asset, they’re often its weakest link in cybersecurity. Training employees on how to spot phishing emails and the procedures for responding to suspicious messages is a critical step in protecting your company against BEC attacks.
3. Establish Strict Processes for Wire Transfers
Your company should always pay close attention to wire transfer requests, especially those that must be completed quickly or without proper authentication.
Before responding to a wire transfer request, review the email to determine its authenticity. Ideally, always confirm wire transfer requests using some medium other than email. You can verify requests in person or via a phone call to a previously known number (not one given in the email).
Transactional parties should know and adhere to clearly defined authorization policies for financial transactions. Your company, for instance, should have additional verification procedures whenever a vendor shares new banking details.
4. Implement DMARC Protection
Domain-based Message Authentication, Reporting, and Conformance (DMARC) is one of the most common email security protocols known for its spam-filtering abilities. DMARC can provide threat detection and prevention against multiple forms of email scams, including BEC attacks.
Stop BEC in Its Tracks
Recent years have seen accelerated digitization of businesses: companies moving their staff to remote working, getting rid of paper printouts, and a surge in the use of emails. But the more businesses rely on emails, the more likely cybercrimes, like BEC attacks, will thrive.
BEC attacks are a very effective method of manipulating victims into sending money or sensitive data. These scams are a serious threat to businesses, and companies need to know how to combat them. Educating your employees, verifying wire transfers, and enabling multi-factor authentication are solid ways of preventing BEC attacks.