• Home
  • Blog
  • Products
    • Partner Subscription
    • Breach Prevention Platform
    • HIPAA Services
    • Dark Web Monitoring
    • In-Email Training & Email Analysis | Catch Phish Outlook Plug-In
  • Request a Demo
  • About Us
  • Contact Us

Call us at: 877-275-4545

Partner? Login here
Breach Secure Now!Breach Secure Now!
  • Home
  • Blog
  • Products
    • Partner Subscription
    • Breach Prevention Platform
    • HIPAA Services
    • Dark Web Monitoring
    • In-Email Training & Email Analysis | Catch Phish Outlook Plug-In
  • Request a Demo
  • About Us
  • Contact Us

Business Email Compromise Scams – Here to Stay

October 2, 2018 Posted by Art Gross Security, Training No Comments

Business email compromise (BEC) scams remain one of the most widely used attack vectors among cybercriminals to date. In fact, cybercriminals are finding so much success in exploiting human vulnerabilities through BEC scams that their frequencies have been dramatically increasing.

What is a BEC scam?

In a BEC scam, the attacker gains access to an executive or high-level employee’s email account and exploits it, using that individual’s identity to trick employees, customers, or partners into sending them money. In some cases, the attacker does not gain access to the corporate or high-level employee account but instead creates an email address that is very similar to the legitimate one, making it easy to overlook. These requests often contain urgent requests with the intention of rushing the target to act quickly, leaving them with less time to think through the transaction.

On the rise

According to the latest Mimecast Email Security Risk Assessment (ESRA), which analyzed more than 142 million emails that had successfully passed through potential customer’s incumbent email systems, BEC scams saw an 80 percent increase quarter-on-quarter.

The FBI’s Internet Crime Complaint Center (IC3) recently reported a 136% increase in actual and attempted monetary losses on a global scale between December 2016 and May 2018 due to BEC scams.

It is clear that monetary losses from BEC scams are becoming astronomical.  According to The Rise and Rise of Business Email Compromise Scams published by Duo Security, BEC scams are growing at a “terrific rate with losses in the United States alone of nearly $3 billion in the last 18 months.

Since BEC scams utilize human vulnerabilities, they are much more difficult to detect in an email filter than various other forms of malicious emails that may contain malware attachments.

What can you do?

While technologies do exist that can help cut down on these emails successfully making it to the intended party, BEC scams cannot be carried out successfully without participation from the target. Since BEC scams rely on human vulnerabilities, strengthening employees’ security awareness is crucial to helping catch malicious attempts that technology may have missed.

Exercising caution when reviewing a request by an executive or upper-level employee is extremely important as well. BEC scams often come in the form of a financial request through a wire transfer, payment for a fake invoice, or international payment request.  If the request seems urgent or unusual, contact the sender directly prior to acting upon the request.

Employees should be trained on cybersecurity and know how to spot a phishing email. Switchfast Technologies found that 91% of cybersecurity attacks originate with a phishing email, outlining the overwhelming need for employees to be trained and tested on how to spot these attempts.

Despite security training, accidents happen.  All it takes is one employee to fall victim to a BEC scam to put their entire organization at risk. Organizations should have policies and procedures in place in the event an incident were to occur and ensure all employees know who to report to if they believe a suspected incident has occurred.

Tags: BEC ScamsCybercrimeTraining
No Comments
Share
0

You also might be interested in

It’s time to rethink employee security training

Sep 13, 2015

Data breaches dominate the news headlines. Whether it is the[...]

Employees are the biggest security threat

Oct 1, 2015

There is a very good article over at the Grand[...]

Free Security Training = More Security Sales

Feb 16, 2016

The following article appeared in ChannelPro Network Want to increase[...]

Leave a Reply Cancel Reply

Dark Web Assessments

Search

Recent Posts

  • Industry Events and Building Relationships June 2, 2023
  • Reinforcing Cybersecurity Habits & the Dark Web May 26, 2023
  • Voice AI: A New Frontier for Cybercrime & Security May 19, 2023
  • Risk Factor Reminders May 12, 2023
  • Healthcare Cybersecurity May 5, 2023

Contact Us

  • Breach Secure Now!
  • 55 Madison Ave, Suite 400 Morristown, NJ 07960
  • 877-275-4545
  • info@breachsecurenow.com

Get Social

Schedule a Demo

Recent Blog Posts

  • Industry Events and Building Relationships June 2, 2023
  • Reinforcing Cybersecurity Habits & the Dark Web May 26, 2023
  • Voice AI: A New Frontier for Cybercrime & Security May 19, 2023

© 2023 · Breach Secure Now!

Prev Next