Business email compromise attacks - or BEC - are not your father’s “Nigerian Prince” email scam. BEC attacks are strategic, effective, increasingly lucrative, and do not discriminate against industry or business size. As these attacks become more frequent, you must be diligent, skeptical, and cautious, and implement information system security best practices to avoid becoming a statistic. If your business operation relies heavily upon email communications, it’s important to know how to prevent business email compromise attacks.
What is a Business Email Compromise Attack?
In a business email compromise attack, a cybercriminal hacks the corporate email account of an executive or other senior-level employee, and impersonates that person to trick the company, its customers, partners, or employees into sending money or sensitive data. This type of Man-in-the-Middle business email compromise attack is sometimes referred to as a Man-in-the-Email attack because the hijacked communication stream always involves email communication.
BEC by the Numbers.
Business email compromise attacks are becoming more common, so much so that both the FBI and information security companies have taken notice in the last several years. Based on the statistics the FBI has compiled, total global losses attributed to BEC now exceed $12.5 billion, which is up from $5.3 billion in 2016.
Notable BEC Victims.
In 2015, the global toy company Mattel fell victim to a BEC attack resulting in the loss (and eventual return) of $3 million. In this attack, a cybercriminal posing as Mattel’s CEO, Christopher Sinclair, sent an email to Mattel’s finance executive requesting the wire transfer of $3 million to the Bank of Wenzhou in China. Fortunately, with the help of the FBI and the Bank of Wenzhou, Mattel was able to retrieve the funds shortly thereafter. If your organization is wondering how to prevent business email compromise attacks, Dataprise CYBER’s managed security services can help.
How to Avoid Falling Victim to BEC Attacks.
The best way to prevent business email compromise attacks is through comprehensive security management and training. With an ounce of prevention, you can avoid falling victim to one of these debilitating attacks. Educating your staff and implementing information security best practices, including 24x7 monitoring, are essential and proactive ways to protect yourself and your data. However, there are other methods, too.
I hosted a free webinar entitled “Think Like A Hacker: Unmasking Business Email Compromise” in which I went into greater detail about these attacks and the additional information and network security measures you can take to prevent them from happening to you. View our webinar HERE to learn more about business email compromise prevention.