In today’s digital age, our business email inboxes have become a lifeline, connecting us with customers, colleagues, and partners. However, as technology evolves, so do the tactics of cybercriminals. The rising threat of business email compromise (BEC) is a stark reminder that our digital communication channels are not immune to exploitation.
To help you spot the red flags and mitigate the risk of BEC incidents, here are five real-life examples of BEC scams to keep you informed:
1) CEO Fraud
CEO Fraud, also known as “whaling,” often targets companies with fewer employees as it may be easier to get a response.
In this scam, cybercriminals pretend to be a company’s CEO or another executive and email an employee asking for a wire transfer, gift cards, or access to sensitive information. The employee might believe that the email is legitimate, fall for the scam, and unwittingly transfer money to the fraudsters.
Tip to Protect Yourself: CEO Fraud is prevalent but can be detected by checking the email address carefully and analyzing the context of the message.
2) Fake Invoice
A Fake Invoice BEC is usually aimed at a company’s accounting, finance, and procurement departments.
Attackers pretend to be trusted suppliers and send official-looking invoices requesting payment. The invoice typically directs a bank transfer to a different account, which belongs to the attackers. In some cases, the email may seem authentic, using contact information that looks correct with a transaction history.
Tip to Protect Yourself: Verify the supplier’s legitimacy by contacting them directly or looking up their official website and contact details.
3) Your Account’s Been Compromised
The Your Account’s Been Compromised BEC is a social engineering technique that leverages humanity’s anxiety to trick people into giving up their login information.
Cyberattackers often send phishing emails posing as a bank, tax authority, or internet service provider and ask users to verify their account information or risk account suspension. If the user enters their credentials, the scammer may be able to access the genuine account and possibly use it for other BEC scams.
Tip to Protect Yourself: To avoid this trap, avoid clicking links in email requests—consider using anti-phishing software, and implement two-factor authentication (2FA).
4) Impersonating a Lawyer
In the Impersonating a Lawyer BEC scam, attackers research and monitor a company’s business relationships and impersonate a lawyer or another trusted advisor to urge immediate payment or action.
In some cases, the email may even include a forged legal document or email signature to appear convincing. The email’s urgency can lead to hasty decision-making, resulting in significant losses for your company.
Tip to Protect Yourself: Make sure to always authenticate the identity of an email sender through a phone call or a separate email to verify that the lawyer or advisor exists and actually sent the email.
5) HR Scam
HR Scams are BEC incidents that generally deal with payroll and other employee records.
Typically, attackers pose as HR personnel urging employees to update their information or to change their bank account details for direct deposit. The attackers could then use this sensitive information for various identity-theft-related incidents, including opening fraudulent bank accounts.
Tip to Protect Yourself: This scam can be avoided by authenticating all emails and initiating direct communication with HR personnel to confirm requests. Consider establishing protocols to verify changes in personal or financial information.
Telltale Signs It’s a BEC Scam:
- Urgent requests
- Poor grammar/spelling
- Suspicious links
- Unsolicited requests for personal information
- Unusual payment methods
- Offers that seem too good to be true
- Email addresses that look similar but aren’t quite right
- Emails from an incorrect domain
Bottom Line: Falling Prey to BEC is Avoidable
BEC scams are increasingly sophisticated, and the best defense is preparedness. Through careful analysis and awareness of different BEC scams, companies can identify red flags, prevent potential losses, and establish processes to avoid future incidents.
By taking preemptive measures to combat BEC scams, companies could safeguard their assets and reputation while thriving in the digital era.