Business Email Compromise (BEC) fraud is a cyber scam in which the attacker targets a business to defraud it. It is a large problem that affects organizations across every industry worldwide, and it has exposed many of them to major losses costing billions of dollars.
Business email compromise involves:
- Illegal access
Criminals gain access to the victim’s systems or devices through hacking and malware. They then deceive employees into transferring money to the criminals’ bank accounts.
- Social engineering
Criminals use the information they gather from the victims’ social media platforms.
- Urgent request
The attacker impersonates a supplier who needs urgent payments or needs to change their payment details. They can also pose as senior employees with the authority to authorize payments.
Types of Business Email Compromise Fraud
- CEO Fraud: An attacker impersonates the CEO and emails a finance department officer, requesting a money transfer to the attacker’s account.
- Account Compromise: An employee’s email account is hacked and used to request supplier payments. These payments then hit the attacker’s bank accounts.
- False Invoice Scheme: Attackers mainly use this method to target foreign suppliers. The scammers pose as the suppliers and request payment for the supplies delivered.
- Attorney Impersonation: An attacker impersonates a legal representative. They mainly target lower-level employees who wouldn’t question the validity of the requests made.
- Data Theft: This commonly targets HR employees to obtain sensitive information about staff in a company. Attackers can use the data in future attacks.
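The impersonation and urgent-request patterns described above leave traces in message headers and wording that inbound mail can be screened for. The following Python check is an added example, not part of the original article; the executive directory, keyword lists, indicator names and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed for illustration: display names of executives and their real addresses.
EXECUTIVES = {"jane doe": "jane.doe@example.com"}
URGENCY_TERMS = ("urgent", "immediately", "today", "asap")
PAYMENT_TERMS = ("wire transfer", "bank details", "payment details", "invoice")

def domain(addr: str) -> str:
    return addr.lower().rpartition("@")[2]

def bec_indicators(raw: str) -> list[str]:
    """Return the BEC warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')} {body}".lower()
    found = []
    # CEO fraud: an executive's display name on an address that is not theirs.
    known = EXECUTIVES.get(name.strip().lower())
    if known and addr.lower() != known:
        found.append("executive-name-mismatch")
    # Replies diverted to a different domain than the visible sender's.
    if reply_to and domain(reply_to) != domain(addr):
        found.append("reply-to-domain-mismatch")
    # Urgent request combined with payment or bank-detail wording.
    if any(t in text for t in URGENCY_TERMS) and any(t in text for t in PAYMENT_TERMS):
        found.append("urgent-payment-request")
    return found

# Constructed sample messages (not real mail).
SPOOFED = """From: Jane Doe <jane.doe@examp1e-mail.test>
Reply-To: accounts@other.test
To: finance@example.com
Subject: Urgent wire transfer

Please process this payment today and keep it confidential.
"""
LEGIT = """From: Jane Doe <jane.doe@example.com>
To: finance@example.com
Subject: Q3 budget review

Agenda attached for Thursday.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, bec_indicators(raw))
```

A message that raises any of these indicators is a candidate for out-of-band verification before a payment is made, not proof of fraud on its own.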
How to Protect Corporate Systems against attempts of Hacking
- Scan personal and work computers or devices frequently for malware.
- Keep personal and company computers updated. Take note of security alerts and conduct periodic system checks.
- Protect your staff email accounts and remind staff not to share passwords.
- Never open unexpected attachments or click on unexpected links, as they can carry viruses that end up giving hackers access to your computer.
- Enable spam filters on your email and block access to questionable websites.
How to Avoid Becoming a Target
It’s possible to avoid being a BEC fraud target. Follow these tips:
- Never post private information on your social media accounts.
- Always shred all confidential or private documents and dispose of them properly.
- Never use similar passwords for your email accounts; change them often. In addition, having two-factor authentication (2FA) when logging in to your email accounts is recommended.
- Use complex passwords for your email accounts.
What happens if you are already a Victim?
If you have already transferred money to scammers, here are a few steps to follow.
- Gather all documents of the transaction or email received and report the scamming incident to the local authorities as soon as it happens.
- Immediately notify your bank of this transaction, as they can try to recall the funds.
- Consider consulting a public lawyer from the nation where the beneficiary account holder is. It might help retrieve your money and also open a civil complaint against the beneficiary account holder.
Be careful not to let scammers trick you into making payments to their accounts. However, if you have already made payments, gather your documentation and report the incident to the local authorities. Also, make calls to your bank and alert them of the transaction so that they can try to recall the funds.