Business Email Compromise (BEC) is a cybercrime scam in which an imposter seeks access to critical business information in order to defraud a company. Cybercriminals send emails that appear to come from a vendor, trusted business partner, or a trusted source within the company such as the CEO. These emails attempt to convince someone within the company to send critical business information or fulfill a request for payment that they would not otherwise have sent.

Below are some examples to be aware of in order to spot a possible BEC:

Account Compromise
An employee’s email account has been compromised, allowing the imposter to monitor their emails. Once an opportunity arises, such as a request to submit payment for an invoice, the imposter will create an email address very similar to the employee’s, allowing them to intercept the email conversation. The imposter will then request that payment be sent using new payment instructions.

CEO Fraud
In this type of attack, the imposter will pose as the company’s CEO or another top executive and send emails to employees. The imposter will ask for confidential information or request that they send money.

Data Theft
Employees who have access to employee data, such as Human Resources staff, are targeted in order to obtain sensitive data regarding employees and executives. This information is then used in future attacks.

How you can detect a BEC:
● Are there any changes to the previous bank or payment instructions?
● Look for misspellings and grammar errors.
● A request to bypass procedures.
● There is a sense of urgency to give information or send payment.
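
For teams that screen inbound mail, the warning signs above can be turned into a simple automated check. The following is an added example, not part of the original article: the address book, keyword patterns, and function names are constructed assumptions, and a real deployment would tune them to its own contacts and wording.

```python
import re

# Constructed address book: addresses already on file for real contacts.
KNOWN_SENDERS = {"j.smith@examplevendor.com", "ceo@examplecorp.com"}

# Assumed keyword patterns for three of the warning signs listed above.
URGENCY = re.compile(r"\b(urgent|immediately|right away|asap|today)\b", re.I)
PAYMENT_CHANGE = re.compile(
    r"\b(new|updated|changed)\b.{0,40}\b(bank|account|payment|wire)\b", re.I)
BYPASS = re.compile(
    r"\b(skip|bypass)\b.{0,40}\b(approval|procedure|process|verification)\b", re.I)

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(sender, known=KNOWN_SENDERS, max_distance=2):
    """Return the on-file address that `sender` closely imitates, or None."""
    sender = sender.strip().lower()
    if sender in known:
        return None  # exact match: this address is already on file
    for addr in sorted(known):
        if edit_distance(sender, addr) <= max_distance:
            return addr
    return None

def bec_indicators(sender, body, known=KNOWN_SENDERS):
    """List which warning signs a message shows, for human review."""
    found = []
    if lookalike_of(sender, known):
        found.append("lookalike_sender")
    if PAYMENT_CHANGE.search(body):
        found.append("payment_instructions_changed")
    if BYPASS.search(body):
        found.append("bypass_procedures")
    if URGENCY.search(body):
        found.append("urgency")
    return found
```

A non-empty result is a reason to verify the request through a contact already on file, not proof of fraud; an empty result does not clear a message either.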

How to protect against BEC:
● Verify payment and purchase requests in person if possible or by calling the person using a number already on file. Never call the number provided in the email message to verify the information.
● Don’t click on anything in an unsolicited email or text message.
● Carefully examine the email address, URL, and spelling used in the correspondence.
● Be cautious of what is downloaded. Be wary of email attachments forwarded to you.
● Educate your employees on how to identify a BEC and what to do if there is an attack.

