3 Ways to defend against business email compromise

Wire transfer is a popular method for paying contractors or suppliers among businesses these days. It is quick, convenient, and transparent. However, these characteristics are also what make companies that make wire payments vulnerable to a cyberattack called business email compromise or BEC.

BEC attacks are financial and information theft scams. Prior to the actual attack, a scammer takes over an email account of an executive, a business partner, or an institutional partner via phishing or other means. Once inside the company’s network, the scammer studies the email account holder’s communication habits, as well as how the business operates. Once they have gathered enough intel, the scammer launches the attack by emailing what appears to be a routine request to transfer funds or relay sensitive information. However, the funds or the info will go to the scammer rather than to the legitimate recipient.

To defend your business against BEC campaigns, follow our tips below:

1. Prevent account takeovers from ever happening

BEC scammers use the email accounts of executives, business partners, and others who may have influence or authority over the organization. Therefore, if the accounts of those people aren’t taken over, then BEC assaults won’t even get a chance to start.

There are many methods that contribute to keeping accounts safe. One method is to require multifactor authentication to access user accounts. Another method is to implement sophisticated anti-spam solutions so that account holders don’t open phishing emails or inadvertently download password-stealing malware. There are more ways to keep accounts safe — to learn more, ask us about our 7 Layers of Security strategy.

Keep in mind that BEC scammers may take over the accounts of your third-party partners to get to your coffers, so require your partners to meet security requirements as well.


2. Watch out for telltale signs of BEC attacks

BEC attacks are low-tech scams that take advantage of weaknesses in security systems and in the people who run them. However, just as anti-malware programs identify malware by its signature, you and your staff members can identify BEC attacks by their telltale signs:

Writing mistakes

Some of the most obvious signs of a BEC attack are grammatical and spelling mistakes, poor word choices, and awkward phrasing. However, scammers are smartening up by using online writing assistance sites like Language Tool to correct their writing mistakes. Furthermore, they are studying the person they’re impersonating more closely so that they can mimic the latter’s writing style. This allows them to craft more convincing messages.

Requests to skip security protocols

Since security protocols are put in place specifically to prevent fraudulent transactions, any request to skip them is a sure sign of a BEC attack. An email may claim that a sizable transaction needs to be expedited for one reason or another, and the sender may even cite insider information to sound more convincing. For example, they may mention current projects the company is bidding for or actual business partners they have to pay.

Don’t be fooled. Note that a BEC attacker studies your business processes to know which protocols to bypass and they may also be privy to company information. As much as possible, follow standard procedure and reach out to the email sender via phone call or other non-email method. Don’t reply to the suspicious email — and don’t use the other contact information posted in the email — because you might just reach the scammer instead of the actual person you want to talk to. Double-check to see if the request to bypass procedures is genuine before granting it. If it’s not, report it immediately so that if the scammer initiated other fraudulent transactions, pending ones may be halted, while those that pushed through may be reversed immediately.
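The check described above, sketched as triage logic for a finance mailbox. This is an added example, not part of the original article; the contact directory, phrase list and sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: phone numbers your finance team already holds, keyed by sender address.
CONTACTS_ON_RECORD = {"cfo@example.com": "+1-555-0100"}

PAYMENT = re.compile(r"\b(wire|transfer|payment|invoice|bank details)\b", re.I)
# Illustrative phrases for "expedite this" or "skip the usual procedure"; tune to your mail.
BYPASS = re.compile(
    r"\b(urgent|expedite|right away|bypass)\b"
    r"|\bskip\b.{0,40}\b(approval|verification|procedure|protocol)", re.I)
PHONE = re.compile(r"\+?\d[\d\s().-]{7,}\d")

def digits(number):
    return re.sub(r"\D", "", number)

def triage(raw_email):
    """Return flags, the callback number on record, and whether to hold the request."""
    # Assumes a single-part plain-text message.
    msg = message_from_string(raw_email)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    on_record = CONTACTS_ON_RECORD.get(sender)

    flags = []
    if BYPASS.search(text):
        flags.append("bypass_request")
    # Contact details supplied in the email itself are never used for verification.
    offered = {digits(p) for p in PHONE.findall(text)}
    if offered and (on_record is None or offered != {digits(on_record)}):
        flags.append("contact_details_differ_from_record")
    if on_record is None:
        flags.append("sender_not_on_record")
    # Hold any payment request that raised a flag until a call to the number on record.
    hold = bool(PAYMENT.search(text)) and bool(flags)
    return {"flags": flags, "callback_number": on_record, "hold": hold}

# Constructed sample messages.
SUSPICIOUS = """\
From: "Pat Lee" <cfo@example.com>
Subject: Urgent wire for supplier

We need to expedite a wire transfer today. Please skip the usual approval.
If you have questions, call me on +1 555 0199.
"""
BENIGN = "From: cfo@example.com\nSubject: Agenda for Thursday\n\nAttached is the agenda.\n"

if __name__ == "__main__":
    print(triage(SUSPICIOUS))
```

The callback number always comes from the directory, never from the message, so a held request is verified through a channel the sender of the email does not control.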

Emails that are uncharacteristic of the sender

BEC scammers leverage the authority C-suite officers have over the rest of the staff, but scammers may fail to emulate how these officers exercise their authority. To illustrate, a particular CIO may be known to take a long time to approve IT investments, so an email that suddenly gives a thumbs up to funding an IT project is suspicious.

3. Implement processes that prevent and counter fraudulent transactions

Other strategies for defending against BEC attacks are enhancing the security protocols for financial transactions, forming strong relationships with your banks, and obtaining cybersecurity insurance. These steps will help you thwart BEC campaigns or at least minimize their impacts on your business, so consult with a finance specialist to get started.

BEC can be thought of as a disease in that prevention is much better than cure. Let our IT specialists at SpectrumWise help you prevent BEC attacks and all other types of cyberthreats. Talk to us today!

