Real People. Right Now.
From the first hello, the Locknet® team is dedicated to serving you and your needs.
Business email compromise (BEC) is one of the most financially damaging online crimes and it’s on the rise. They are sophisticated schemes, and even the most astute have fallen victim. Here is what you need to know and how you can protect your organization.
It’s a cyberattack designed to gain access to critical business information or extract money through email fraud. When there is a BEC attack, a bad actor gains access to an email that belongs to an employee. After the email is compromised, the hacker can monitor all email communications, send emails, and delete emails without the victim’s knowledge. When the bad actor sends an email, it appears as though it’s coming from a trusted source. These emails are typically an attempt to convince victims to reveal critical business information or process a payment request. Companies that use wire transfers, foreign suppliers, and other invoice transactions are frequent targets of BEC attacks.
A BEC attack leads to losses that can impact both your finances and your reputation. Once you have suffered a BEC attack, the impact can be catastrophic for your present and future revenue while also damaging your brand and business relationships. Both small businesses and large corporations have fallen victim to BEC attacks.
The U.S. Federal Bureau of Investigation Internet Crime Complaint Center (FBI IC3) issued a public service announcement earlier this year. In it, they stated between July 2019 and December 2021, there was a 65% increase in identified exposed losses with BEC attacks, which includes both actual and attempted losses in the United States. The total number of domestic and international incidents for that time was 241,206 and over $43 billion dollars in exposed dollar loss. It was the number one reported scam in money loss nationally for 2021. BEC scams have been reported in all 50 states and 177 countries.
Additionally, the FBI IC3 reported this year receiving an increase in BEC complaints involving the use of virtual meeting platforms. With the increase in remote work from 2019 through 2021, criminals began using virtual meeting platforms and collaboration tools to conduct more BEC-related scams.
Here is an example of what a traditional BEC attack might look like:
A hacker obtains access to an email account that belongs to you or your vendor. The hacker logs into the compromised email, monitors communications, and quietly waits for the right time. When a potentially large invoice is due, the hacker creates and registers a very similar domain to the one expecting payment. With this new domain, the hacker impersonates the vendor and requests a payment method change. The slight change in vendor name isn’t noticed, and the new payment information is provided unknowingly to the hacker.
Here is an example of what a BEC virtual meeting attack might look like:
A hacker compromises a CFO or CEO’s email and requests an employee participate in a virtual meeting platform. There, the cybercriminal will insert a still picture of the CFO or CEO with either no audio (and claim their audio and video aren’t working well) or deep fake audio. They then instruct an employee via the chat platform or in a follow-up email to initiate a transfer of funds. The victim trusts the source and completes the fund transfer.
You don’t want either of those scenarios to happen to your business. There are some key cybersecurity measures to incorporate into your organization to help prevent a BEC attack.
You need to be always on your toes to protect your organization from business email compromise. The most effective way to protect your organization from a BEC attack is to make sure it never reaches your employees. As a Managed Security Service Provider (MSSP), the team at Locknet® Managed IT are experts in these cybersecurity measures and more. We can help you improve your security position, so you don’t become part of the startling business email compromise statistics.
Managed IT
Onalaska, WI Waterloo, IA Wausau, WI Eau Claire, WI Burnsville, MN Rochester, MN Duluth, MN
You are now leaving locknetmanagedit.com. Please check the privacy policy of the site you are visiting.