Business Email Compromise Schemes: 5 Ways to Stay Safe From Them
Business email compromise schemes sound like something you’d never fall for. But it happens. A lot.
Business email compromise (or BEC) occurs when a scammer targets a business or individual in order to fraudulently transfer funds. The scammer grooms the victim via email, sophisticated social engineering, and pressure. This grooming process can continue over a couple of days or even weeks. The scammer eventually attempts to fool the victim into transferring funds into the wrong hands.
It’s happening to businesses, large and small. And there are no signs of it slowing down.
First, what is social engineering?
Social engineering is one of the keys to the success of these BEC schemes.
In order for many types of fraud to work, a type of deception known as social engineering is employed. The criminals have done their homework, and they know the ins and outs of your industry and even your particular business.
The BEC emails can look like they’re coming from a trusted business partner, a co-worker, or even the CEO of your company!
These BEC emails can have language that jibes with your industry and work function. The images, names, and even email addresses may look genuine. Thus, if you’re in a hurry, multi-tasking, or otherwise preoccupied, you may be susceptible to a BEC scheme if it hits your inbox.
It can take a keen eye, patience, and a healthy dose of skepticism to stop BEC dead in its tracks.
Increased use of cryptocurrency in Business Email Compromise schemes
The FBI released a public service announcement on its Internet Crime Complaint Center website about an increase in complaints involving business email compromise schemes and cryptocurrency.
What is cryptocurrency? According to the FBI’s public service announcement:
Cryptocurrency is a form of virtual asset that uses cryptography (the use of coded messages to secure communications) to secure financial transactions and is popular among illicit actors due to the high degree of anonymity associated with it and the speed at which transactions occur.
In the article, the FBI mentions cryptocurrency first started to be identified with BEC schemes in 2018 – this involvement continued to rise through 2019, eventually reaching record highs for reported numbers in 2020.
At the end of the public service announcement, there are multiple suggestions for protecting against these business email compromise scams, all of which are applicable to just about any type of financially motivated cybersecurity scam.
Below are some key takeaways from that list.
Business Email Compromise (BEC): 5 ways to protect yourself against this menace
1. Check that URL
If there’s a link in a questionable email, make sure the URL is genuine and associated with the business. Sometimes it’s easy to tell that an email or URL is fake – it may contain unrelated words or even gobbledygook. If the URL seems genuine but you’re not sure, don’t click on the link; instead, go to the site directly. You can also consult with your IT department or Managed Service Provider before taking further action.
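The URL check described above can be partly automated at a mail gateway or in a triage script. The following Python sketch is an added example, not part of the original article: the `TRUSTED_DOMAINS` allow-list, the function names, and the sample message are all constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: the domains your organisation really does business on (constructed values).
TRUSTED_DOMAINS = ("examplebank.com", "vendor-portal.example")

def classify_link(url, trusted=TRUSTED_DOMAINS):
    """Return (verdict, reason) for one link taken from an email."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return ("suspicious", "unparseable URL")
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme not in ("http", "https") or not host:
        return ("suspicious", "unexpected scheme or missing host")
    # "https://trusted.com@other.test/" displays the trusted name but connects to other.test.
    if parts.username is not None:
        return ("suspicious", "userinfo before host")
    # Non-ASCII or punycode labels can render as look-alikes of a trusted name.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return ("suspicious", "internationalised host name")
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return ("trusted", domain)
    # The brand appears in the host, but the host does not belong to the trusted domain.
    for domain in trusted:
        if domain.split(".")[0] in host:
            return ("suspicious", "trusted name embedded in another domain")
    return ("unknown", "host not on the allow-list")

def review_email_links(body):
    """Classify every http(s) link found in an email body."""
    links = re.findall(r"https?://[^\s<>\"')]+", body)
    return [(link,) + classify_link(link) for link in links]

# Constructed sample message body.
SAMPLE_BODY = """Hi, please confirm the updated payment details today:
https://www.examplebank.com/login
https://examplebank.com.account-verify.test/login
https://examplebank.com@pay.other.test/reset
https://examplebank-secure.test/invoice
https://news.example.org/story
"""

if __name__ == "__main__":
    for link, verdict, reason in review_email_links(SAMPLE_BODY):
        print(f"{verdict:10} {reason:45} {link}")
```

A "trusted" verdict only says the host belongs to a listed domain; it does not replace going to the site directly when the request itself is unusual.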
2. Avoid providing sensitive information via email
Emails that request login information are typically fraudulent – even if they look like legitimate communication. Remember, social engineering can mask fraud attempts, making them appear to be something from your line of business or directly from your co-worker, industry partner, vendor, or boss. Email spoofing can certainly make it difficult to discern what is legitimate, as an email can very well appear to come from your partner or co-worker.
3. Take advantage of two-factor authentication
Utilize two-factor or multi-factor authentication as an additional verification method for account changes. These measures are certainly becoming more prevalent as an extra layer of cybersecurity to combat increasing fraud. Remember, although there’s no single piece of hardware or software that can defend against all threats, using multiple layers of security can help thwart even the most focused cyberattacks.
4. Regularly review your financial accounts
Not monitoring your accounts? It’s a good idea to do so. Check for anomalies – like missing deposits – to ensure nothing fraudulent is going on. As soon as you see something odd, follow up on it immediately. Don’t put off something like this.
5. Be aware!
Awareness of potential attacks like business email compromise – and other tactics and threats, like ransomware, phishing, malware, email spoofing, and more – can go a long way toward protecting your business from fraud. Ensure you and your staff stay up to date on the latest types of attacks. And always think before clicking.
Read the FBI public service announcement to learn more about business email compromise schemes, the involvement of cryptocurrency with BEC, additional tips for protecting yourself against scams like this, and some suggestions if you fall victim to a scam.