Business Email Compromise (BEC) attacks: What they are and how to protect your company
BEC attacks target the corporate world. Criminals aim to obtain sensitive information or fraudulent financial transfers through techniques such as phishing, malware, or spoofing.
How BEC scams work
In BEC attacks, criminals typically impersonate someone connected to the company, such as a supplier or a customer. They then persuade employees to send valuable information or to transfer funds to an account the criminal controls.
The techniques behind Business Email Compromise scams
You should learn the most common techniques used by BEC perpetrators — this knowledge is essential for you to identify and protect yourself against scams.
Fake websites and emails (spoofing): Criminals register email addresses or websites that closely resemble legitimate ones, so the victim believes they are replying to a known contact or visiting a trusted site.
Spear phishing: A highly targeted form of phishing aimed at a specific victim, usually relying on a sense of urgency to rush them into acting.
Malware: Criminals infect corporate computers with malware that gives them access to data and internal systems. In most cases, the infection itself is delivered through spoofing or spear phishing.
The types of approach used in BEC scams
All the techniques listed above can be combined with different approaches. These approaches are simply pretexts, stories crafted to persuade the victim. The most common are listed below:
Fake billing scam: Victims receive fake invoices from criminals posing as known vendors. This scam is more common in companies that have international suppliers.
CEO fraud: Criminals impersonate a company's CEO or another senior executive, contact the finance team, and request transfers to an account they control.
Compromised account: An executive's or employee's email account is hijacked and used to contact suppliers and request payments.
Legal impersonator: A criminal impersonates a lawyer or someone in the legal field (by email or phone) to obtain sensitive information.
How to defend yourself against BEC attacks
To defend yourself against Business Email Compromise (BEC) attacks, it is necessary to invest in two fronts: preventive technologies and cybersecurity culture.
Technologies to protect against attacks
Rule-based Intrusion Detection System: This type of tool flags incoming emails whose sender domain closely resembles, but does not match, the company's official domain, indicating a possible impersonation attempt.
Mail Flow Rules: Many email systems let you enable a rule that flags a conversation when the address that sent the reply differs from the one you originally wrote to.
Two-Factor Authentication in Payment Processes: Enable this option in all apps and payment systems.
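The two mail-side checks above, a lookalike-domain rule and a Reply-To mismatch rule, as an added example written for this article (not code from the original). It assumes a corporate domain of example-corp.com, uses a simple difflib similarity ratio with a threshold of 0.85 as the lookalike heuristic, and runs over constructed sample messages.

```python
# Added example: lookalike-sender and Reply-To-mismatch checks over raw messages.
from email import message_from_string
from email.utils import parseaddr
import difflib

# Assumed corporate domain; anything close to it but not equal is suspicious.
CORP_DOMAIN = "example-corp.com"

def domain_of(header_value):
    """Return the lower-cased domain of an address header ('' if absent)."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def is_lookalike(domain, reference=CORP_DOMAIN, threshold=0.85):
    """Flag a domain that closely resembles the corporate domain without matching it."""
    if not domain or domain == reference:
        return False
    return difflib.SequenceMatcher(None, domain, reference).ratio() >= threshold

def bec_flags(raw_message):
    """Return a list of reasons this message should be held for review."""
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From"))
    reply_domain = domain_of(msg.get("Reply-To"))
    flags = []
    if is_lookalike(from_domain):
        flags.append(f"sender domain {from_domain!r} resembles {CORP_DOMAIN!r}")
    # Mail flow rule: a reply would go somewhere other than the visible sender.
    if reply_domain and reply_domain != from_domain:
        flags.append(f"Reply-To domain {reply_domain!r} differs from From domain {from_domain!r}")
    return flags

# Constructed sample: a "CEO" message from a lookalike domain with a diverted Reply-To.
SAMPLE_SUSPICIOUS = """From: CEO <ceo@examp1e-corp.com>
Reply-To: ceo@mail-relay-xyz.net
To: finance@example-corp.com
Subject: Urgent wire transfer

Please process this today."""

SAMPLE_CLEAN = """From: Alice <alice@example-corp.com>
To: finance@example-corp.com
Subject: Invoice

Attached."""

if __name__ == "__main__":
    for label, raw in (("suspicious", SAMPLE_SUSPICIOUS), ("clean", SAMPLE_CLEAN)):
        print(label, bec_flags(raw))
```

A held message should be reviewed by someone who can verify the request out of band, since the checks only raise a flag, they do not prove fraud.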
Cybersecurity culture
In everyday work, regardless of your position, the best defense is to know how criminals operate and to watch for all the warning signs listed in this article.
And if you are an executive or partner in a company, always balance your investment between technology tools and the education of your team: after all, they are the ones who run the day-to-day business.