What is BEC (Business Email Compromise)
Business Email Compromise, or BEC, is a type of cybercrime in which scammers use email to trick the recipient into either sending money or divulging sensitive company information. The scammers pose as a legitimate figure from the company and ask for payment of a fake bill, or for sensitive information which they can then use in another scam. With remote working, such attacks are on the rise.
Types of BEC scams
Emails are the originating point for 91% of cyber attacks. In the next couple of sections we will learn more about some of the common types of scams.
Theft of Data
In these types of scams, the HR department is usually the target. Scammers try to get sensitive company information such as someone’s roster or personal phone number. This in turn makes it easier for scammers to sound more believable and therefore gain the trust of their victims.
False invoice scam
Scammers will pose as a legitimate vendor that the company does business with. The scammer will then email a fake bill that looks very much like a real one, even though the account number might be off by one digit. They could also ask you to use a different account to pay the invoice as your bank is currently being audited.
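One control against both variants described above is to compare the account on every incoming invoice with the vendor record already on file. The sketch below is an added example, not part of the original article; the vendor names, account numbers and function names are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Constructed vendor master data (hypothetical vendors and account numbers).
VENDOR_MASTER = {
    "Acme Supplies": "40012377815",
    "Northwind Freight": "77100452093",
}

@dataclass
class Invoice:
    vendor: str
    account: str
    amount: float

def normalize(account: str) -> str:
    """Drop spaces, dashes and case so formatting differences do not alarm."""
    return "".join(ch for ch in account if ch.isalnum()).upper()

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions needed."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def check_invoice(inv: Invoice) -> str:
    """Return a payment decision for one invoice."""
    on_file = VENDOR_MASTER.get(inv.vendor)
    if on_file is None:
        return "HOLD: unknown vendor"
    got, want = normalize(inv.account), normalize(on_file)
    if got == want:
        return "OK"
    # A one- or two-character difference is the "off by one digit" pattern:
    # it is built to survive a quick visual comparison.
    if edit_distance(got, want) <= 2:
        return "HOLD: near-match account"
    # A completely different account matches the "please pay a new account"
    # request; confirm by phone using the number already on file.
    return "HOLD: changed account"

if __name__ == "__main__":
    for acct in ("4001-2377-815", "40012377816", "99887766554"):
        print(acct, "->", check_invoice(Invoice("Acme Supplies", acct, 1250.0)))
```

Any HOLD result should go to a person who confirms the details through a contact channel that was not supplied in the email itself.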
The email of a CEO is usually spoofed or hacked by scammers. Once the account is compromised or spoofed, emails are sent to employees instructing them to make a purchase or send money via wire transfer. They could even ask an employee to purchase gift cards and send them pictures of the serial numbers so that they can redeem them.
In this type of BEC attack, scammers gain unauthorized access to a legitimate email account at a law firm. In turn, they send emails to clients with an invoice or a link to pay online. The email might come from a legitimate source, but the links inside may not lead to a legitimate destination.
The last type of attack is where scammers use malware or phishing to gain access to the account of someone in the company's finance department, such as a finance clerk. Once an account is compromised, scammers send fake emails from that company requesting payment to a fraudulent bank account.
Reach out to us on [email protected] to discuss training options for your employees, in order to keep your sensitive information safe.