Why Business Email Compromise (BEC) Attacks Are So Disconcerting

You’re not alone if you’ve never heard of Business Email Compromise or BEC attacks. Unfortunately, these attacks are becoming increasingly common and can cause significant problems. Whether you’re a small startup or a large corporation, it’s important to know the dangers these attacks pose and what steps you can take to safeguard against them.

In this blog, we’ll dive into why BEC attacks are so disturbing and what you can do to protect your business from falling victim to one.

What’s so special about a BEC attack:

BEC attacks occur when hackers impersonate trusted individuals or organizations via email to obtain sensitive information or to initiate financial transfers. They are a type of phishing attack, but different in ways that you may not know about:

1. YOU are the Target 

Where most phishing attacks are sent indiscriminately to large groups of people at a time, BEC attacks specifically target the people who can move money or change payment details: executives, finance managers, accounts-payable staff, and anyone else with budget authority.

The attacks are carefully crafted to trick the victim into taking some type of action, most often paying an invoice or sending a transfer to an account controlled by the attacker. Although these email messages do not generally contain malware, malicious links, or virus-infected attachments, they are just as dangerous, if not more so.

2. Someone You “Know” is the Lure: 

The emails used in a BEC attack are highly personalized to the intended victim, which reflects the considerable advance research (on your organization chart, your suppliers, and your payment habits) that the attacker did before the scam was launched.

A common strategy, sometimes loosely described as a “man-in-the-middle” scheme, is supplier or vendor impersonation: the attacker poses as a third party with whom you have regular contact, like a supplier, vendor, or colleague, or, having compromised that party’s real mailbox, replies inside a genuine existing email thread. The sender will ask you to make a wire transfer, divert payroll, change banking details for future payments, or send payments or other sensitive information to an account controlled by them.

These attacks can be challenging to detect because attackers use genuine-looking sender details to give the illusion of legitimacy: a display name copied from a real executive or vendor, a lookalike domain that differs from the real one by a single character, or a Reply-To address that quietly diverts your answer elsewhere. Familiar logos and signature blocks complete the picture, tricking you into thinking that you are communicating with a trusted party.

What Have You Got To Lose?

Erroneously sending (a significant sum of) money or private information to a criminal will fluster even the most steadfast business owner. And the consequences of a BEC attack don’t end there. Attacks like these often have effects that you may not have considered before:

For instance, how will that large, unexpected (and illegitimate) money transfer affect your cash flow? Would it result in disruptions to normal business operations? How would your customers respond if they discovered that your business is not adequately protecting sensitive information? How likely is it that they would lose their trust in you? Could that ultimately result in decreased business? Of course, you could hire a PR firm and increase your marketing budget to try and repair the damage, but that’s a gamble without guarantee.

Prevention Is Key.

Unfortunately, none of us control the outside threats to our network. You can only control how well-prepared you are to fend them off.

According to research from security software firm Trend Micro, some 91% of targeted attacks begin with an email.

Because BEC attacks don’t generally contain malware, malicious links, or dangerous email attachments and typically contain nothing but text, they often slip by consumer-grade email filters, which were not built to protect against these more sophisticated scams. Business-grade email security that enforces sender authentication (SPF, DKIM, and DMARC) on your own domain, tags mail that arrives from outside the organization, and flags display-name and lookalike-domain impersonation closes much of that gap, though it cannot catch a message sent from a supplier’s genuinely compromised mailbox.

However, because BEC attacks focus on human frailty rather than technical vulnerabilities, they require a people-centric defense in addition to the levels of security your IT support partner can (and should) implement for you.

Awareness, detection, and proper response to scam emails are crucial.

Inform the people on your team not only about these attacks’ existence, but also about the risks involved and how to spot them. Your employees should be mindful of warning signs such as requests for confidential information or money from unfamiliar sources, requests to change the bank account a known vendor is paid to, pressure to act urgently or keep the request secret, and any attempt to bypass your normal approval process. Creating a work environment where everyone knows to pick up the phone and validate any request that feels phishy or “off” (using a number you already have on file, never one supplied in the email itself) goes a long way in creating that human shield every business so desperately needs.
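The sender tricks and warning signs described above can be turned into a simple automated check. The following Python script is an added example, not code from the original post or from Meeting Tree Computer; it parses constructed sample emails with the standard library and flags the classic BEC indicators: a known executive’s display name paired with an external address, a Reply-To domain that differs from the From domain, a lookalike of a vendor or internal domain, and payment or urgency language in the body. The domain, executive names, vendor list, and phrase list are hypothetical placeholders that a real deployment would replace with its own data.

```python
"""Flag Business Email Compromise indicators in raw email text (added example)."""
import email
from email import policy
from email.utils import parseaddr

# Hypothetical organisation data: replace with your own domain, executives
# whose names are worth impersonating, and the vendors you pay invoices to.
INTERNAL_DOMAIN = "example-corp.com"
KNOWN_EXECUTIVES = {"jane doe", "john smith"}
KNOWN_VENDOR_DOMAINS = {"acme-supplies.com"}

# Phrases typical of payment-diversion requests (assumed list, not exhaustive).
PAYMENT_PHRASES = ("wire transfer", "bank details", "new account",
                   "payroll", "urgent", "confidential")


def edit_distance(a, b):
    """Levenshtein distance; small domains only, so the O(n*m) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def bec_indicators(raw):
    """Return a list of human-readable findings for one raw RFC 822 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    from_dom = domain_of(from_addr)
    findings = []

    # 1. Display name of a known executive, but the address is not ours.
    if from_name.strip().lower() in KNOWN_EXECUTIVES and from_dom != INTERNAL_DOMAIN:
        findings.append(f"executive display name '{from_name}' from external domain {from_dom}")

    # 2. Replies are diverted to a different domain than the apparent sender.
    if reply_addr and domain_of(reply_addr) != from_dom:
        findings.append(f"Reply-To domain {domain_of(reply_addr)} differs from From domain {from_dom}")

    # 3. Sender domain is within two edits of a vendor or our own domain (but not equal).
    for known in KNOWN_VENDOR_DOMAINS | {INTERNAL_DOMAIN}:
        if from_dom != known and 0 < edit_distance(from_dom, known) <= 2:
            findings.append(f"lookalike domain {from_dom} resembles {known}")

    # 4. Payment-diversion or pressure language in the plain-text body.
    body = msg.get_body(preferencelist=("plain",))
    text = (body.get_content() if body else "").lower()
    hits = [p for p in PAYMENT_PHRASES if p in text]
    if hits:
        findings.append("payment/urgency language: " + ", ".join(hits))
    return findings


# Constructed sample messages (not real mail) exercising each indicator.
SAMPLE_EXEC = """From: "Jane Doe" <jane.doe.ceo@gmail.com>
To: controller@example-corp.com
Subject: Quick favor
Content-Type: text/plain; charset="utf-8"

I need you to process an urgent wire transfer before 3pm today.
Keep this confidential until I am back in the office.
"""

SAMPLE_VENDOR = """From: "Accounts" <billing@acme-suppiles.com>
Reply-To: "Accounts" <accounts.acme@outlook.com>
To: ap@example-corp.com
Subject: Updated remittance details
Content-Type: text/plain; charset="utf-8"

Please note that our bank details have changed. Use the new account below
for the attached invoice; payment is urgent.
"""

SAMPLE_BENIGN = """From: "Jane Doe" <jane.doe@example-corp.com>
To: staff@example-corp.com
Subject: Friday
Content-Type: text/plain; charset="utf-8"

Reminder: team lunch is at noon on Friday.
"""

if __name__ == "__main__":
    for label, raw in (("exec", SAMPLE_EXEC), ("vendor", SAMPLE_VENDOR), ("benign", SAMPLE_BENIGN)):
        print(label, bec_indicators(raw) or ["no indicators"])
```

Each finding is a reason to route the message to a human for out-of-band verification rather than to block it outright; a single indicator such as "urgent" is common in legitimate mail, but several together on a payment request are exactly the pattern described above.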

And What To Do If You’ve Already Clicked (or Paid)?

If you think you’ve been a victim of a phishing attack of any kind, tell your IT department as soon as possible. The earlier you tell them, the more likely they’ll be able to help. If money has already been sent, call your bank at once and ask them to recall the transfer, and report the fraud to law enforcement; a recall is far more likely to succeed in the first hours than days later. The most important thing is not to panic!

BEC attacks are a rapidly growing threat to businesses of all sizes. By proactively securing your email communication and staying alert, you can greatly reduce the chance of your business being impacted by these costly and harmful attacks.

Being able to rely on a trusted IT support partner who monitors unusual activity on an ongoing basis and proactively remediates problems immediately will provide added peace of mind. If you don’t have one on speed dial, call 845-237-2116 and let us know how Meeting Tree Computer might help.