Business email compromise (BEC) is a sophisticated and lucrative fraud that has become increasingly common among criminal actors in recent years. It involves criminals impersonating executives, other high-profile figures or employees to deceive their targets into initiating unauthorised financial transfers of large sums of money. Because of the size of these transfers, even a single successful attack can cost businesses in Ireland millions of euros. For this reason, it is essential for businesses to be aware of the risks associated with BEC and to ensure robust measures are in place to protect against it.
Tier3Tech provides an in-depth look at BEC and explores how to detect and prevent it. We will cover the indicators to watch out for, the latest techniques and tactics used by criminals, and the best practices that businesses should adopt to reduce their risk of becoming a victim of BEC. We will also discuss the most effective ways to respond if a business does become a victim and how quickly it can act to mitigate any losses incurred. By following these prevention and response measures, businesses can increase their chances of avoiding this costly threat.
What is Business Email Compromise?
Business Email Compromise (BEC) is a form of cybercrime wherein malicious actors seek to compromise the email accounts of individuals or businesses in order to conduct fraudulent activity using the hijacked accounts. BEC fraudsters might seek to deceive victims by using spoofed or maliciously created emails or by accessing existing accounts and then using them to perform criminal activities within the company or on other targets.
Typically, the goal of BEC is to misdirect wire transfers, steal sensitive data and divert funds to the attacker’s accounts disguised as legitimate refunds or payments. BEC is becoming more and more prevalent, costing victims the world over billions of euros. In Ireland alone, email fraud is estimated to cost businesses almost €6m each year. It is therefore essential for Irish businesses to remain vigilant, informed and prepared in order to protect themselves from the sophisticated techniques employed by fraudsters.
Spelling and Grammar Mistakes
One of the key signs of business email compromise is poor spelling and grammar in emails sent from within the company. Typical mistakes may include incorrect names, punctuation and spelling errors, or words used in the wrong context. Such mistakes may indicate that an account has been hacked and is being operated by a third party. It is advisable to be extra vigilant when checking emails, and to set up authentication and validation systems so that only authorised parties can access email accounts.
Sense of Urgency
It is important for Irish businesses to be aware of the signs that a scam is unfolding so that they can take appropriate steps to protect their business. One key sign of BEC is a sense of urgency. Attackers will use fear to pressure their targets into making quick decisions, so it is important to be wary of any sudden demands for money, information or requests to transfer funds.
It is essential that businesses respond to these requests with caution and assess the situation carefully before making any decisions. By being aware of the dangers of BEC and watching out for signs of urgency, businesses can take the necessary steps to avoid costly and damaging attacks.
Unfamiliar Sender
Many Business Email Compromises occur because email messages appear to come from a legitimate source, such as an executive or other high-ranking official within the company, but the sender is actually an unknown third party.
This unfamiliar sender may appear to be an employee but can be identified by comparing the email address to the list of employee email addresses. If the address does not match, it is important to verify with other employees and exercise caution before responding.
Requests for Personal Information
One of the tell-tale signs of a possible Business Email Compromise is the recipient being asked to share personal information such as bank account details, credit card numbers, passwords or date of birth.
This information should never be sent in response to an email and businesses should be sure to adopt strong security measures to protect their email accounts from this type of attack. As a part of these security measures, Irish businesses should provide training to staff and remind them never to share personal information via email. As a general rule, staff should always be suspicious of requests for sensitive personal information and question the validity of the source.
Methods of Prevention
Have a Systematic Approach
The first step in preventing BEC is to establish a systematic approach to email security. This should include clear policies and procedures for handling sensitive information, conducting financial transactions and verifying the legitimacy of email requests. By having a well-defined process in place, you can reduce the likelihood of falling prey to BEC schemes.
Company Cybersecurity Training
Human error is often the weakest link in email security. Training your employees to recognise the signs of BEC and follow security protocols is crucial. Conduct regular cybersecurity awareness training to educate your staff about the dangers of BEC and teach them how to identify suspicious emails and requests.
Educate your workforce on cybersecurity threats and how to appropriately deal with them.
Use Multi-Factor Authentication
Implementing multi-factor authentication (MFA) is a simple yet effective way to enhance email security. MFA adds an extra layer of protection by requiring users to provide two or more forms of identification before accessing their email accounts. Even if a cybercriminal gains access to login credentials, MFA can thwart their attempts.
Utilise Email Security Tools
Invest in robust email security tools and solutions. These tools can automatically detect and filter out suspicious emails, phishing attempts and malicious attachments. Email security software uses advanced algorithms to analyse email content, sender behaviour and more, helping to block potential threats before they reach your inbox.
Detecting Suspicious Emails
While prevention is key, it’s equally important to know how to detect suspicious emails when they do land in your inbox. Here are some steps to follow:
Checking the Header Information
Examine the email header information carefully. Look for anomalies or inconsistencies in the sender’s email address, domain or the email’s routing. Cybercriminals may use email spoofing techniques to make their messages appear legitimate, but a closer look at the header can reveal the deception.
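One way to automate the header checks described above, and the sender-address comparison from the Unfamiliar Sender section, as an added example that is not part of the original article. The company domain, the executive names and the sample message are constructed for illustration:

```python
# Added example (not from the original article): flag the header anomalies the
# article lists. Company domain, executive names and the message are constructed.
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example-company.ie"              # assumed company domain
KNOWN_EXECUTIVES = {"aoife murphy", "sean byrne"}   # assumed executive display names

def _domain(header_value):
    """Lower-cased domain of an address header, or '' if none is present."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""

def _looks_alike(domain, reference):
    """True when the domain resembles, but is not, the reference domain."""
    return domain != reference and SequenceMatcher(None, domain, reference).ratio() >= 0.8

def check_headers(raw_message):
    """Return a list of findings for one raw RFC 5322 message; [] means nothing odd."""
    msg = message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_dom, reply_dom, return_dom = (_domain(msg.get(h)) for h in ("From", "Reply-To", "Return-Path"))
    findings = []
    # Executive display name paired with an address outside the company domain
    if from_name.strip().lower() in KNOWN_EXECUTIVES and from_dom != COMPANY_DOMAIN:
        findings.append(f"executive name '{from_name}' on external address {from_addr}")
    # Lookalike domain: resembles the company domain but is not it
    if _looks_alike(from_dom, COMPANY_DOMAIN):
        findings.append(f"sender domain {from_dom} resembles {COMPANY_DOMAIN}")
    # Replies would be routed somewhere other than the visible sender
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    # Envelope sender (Return-Path) differs from the visible From domain
    if return_dom and return_dom != from_dom:
        findings.append(f"Return-Path domain {return_dom} differs from From domain {from_dom}")
    # Receiving mail server recorded an authentication failure
    auth = (msg.get("Authentication-Results") or "").lower()
    findings += [f"{m.upper()} failed per Authentication-Results"
                 for m in ("spf", "dkim", "dmarc") if f"{m}=fail" in auth]
    return findings

# Constructed suspicious message: lookalike domain, external Reply-To, SPF failure
SAMPLE_MESSAGE = """\
Return-Path: <bounce@mail-relay.example.net>
Authentication-Results: mx.example-company.ie; spf=fail smtp.mailfrom=mail-relay.example.net; dkim=none
From: Aoife Murphy <aoife.murphy@example-cornpany.ie>
Reply-To: Aoife Murphy <a.murphy.ceo@webmail.example.org>
Subject: Urgent: supplier payment before 5pm
"""
```

Running `check_headers(SAMPLE_MESSAGE)` returns five findings for the constructed message and an empty list for a message whose From, Reply-To and Return-Path all sit on the company domain with passing authentication results.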
Looking for Clues in Links
Hover your mouse pointer over any links within the email, but do not click on them. This action will display the actual URL. Verify that the URL matches the legitimate website and be cautious of shortened or suspicious links. Phishing emails often contain links that lead to malicious websites.
Being Wary of Requests for Sensitive Information
Exercise extreme caution when you receive emails requesting sensitive information such as bank account details, credit card numbers, passwords or personal identification information. These requests should be treated as red flags and you should independently verify the authenticity of such requests.
Responding to Suspicious Emails
In the unfortunate event that you receive a suspicious email, it’s essential to respond appropriately. Here’s how to handle it:
Verifying the Request is Legitimate
Before taking any action, contact the purported sender directly through a trusted communication channel to verify the request’s legitimacy. Do not use the contact information provided in the suspicious email, as it may be fraudulent.
Contacting the Sender Directly
If the email claims to be from someone within your business, pick up the phone or send a separate email to the individual to confirm the request. Do not reply to the suspicious email or use the reply-to address provided in it.
Reporting the Attack
If you determine that the email is indeed a BEC attempt or a phishing attack, report it immediately to your IT or security team. They can take steps to investigate, contain and mitigate any potential damage.
Recovering from an Attack
Short-Term Response
In the short term, isolate compromised accounts and secure any financial assets that may have been targeted. Ensure that all affected employees are aware of the situation and are vigilant about email security.
Long-Term Response
A BEC attack should prompt a comprehensive review of your business’s email security policies and practices. Consider implementing additional security measures, conducting regular security audits and continuously educating your employees about email security best practices.
Potential Impact of Business Email Compromise
Understanding the potential consequences of BEC is crucial for businesses:
Loss of Funds
The most immediate and significant impact of BEC is financial loss. Businesses can lose substantial sums of money and recovery may be challenging.
Reputational Damage
BEC attacks can tarnish your business’s reputation. Customers, partners and stakeholders may lose trust in your ability to protect sensitive information.
Legal Consequences
BEC attacks can lead to legal complications, especially if sensitive customer data is compromised. Businesses may face regulatory fines and lawsuits.
Reach Out to Tier3Tech for Cybersecurity Solutions
At Tier3Tech, we specialise in cloud optimisation and cybersecurity solutions. Our team of experts is here to assist your business in identifying vulnerabilities, implementing security best practices, providing the latest in email security tools and hosting cybersecurity training.
Don’t wait until it’s too late. Contact Tier3Tech today to fortify your defences and keep your business safe from the costly threat of Business Email Compromise.