How to Recognize a Business Email Compromise Attack
Posted by BlackFire Cyber Insurance on
Do you know how to recognize a wire fraud and business email compromise attack, and how to protect your employees and yourself from one?
Hackers have found a way to steal from businesses without hacking or infiltrating your operations or network systems. They can simply use email as a tool to convince employees, through deception, to voluntarily transfer money. The hacker uses an email address made to look almost identical to that of the company’s CEO or a high-ranking executive, with only slight differences that most employees wouldn’t notice. They’ll replace an I with an L, for example, and send an urgent email asking to wire funds to a financial institution or transfer money to a provided account. This is a combination of cyber attacks, namely ‘Business Email Compromise’ with the end goal of ‘Fund Transfer Fraud’. Sadly, this fraudulent transaction is pretty much impossible to reverse: by the time it’s recognized as fraud, the hackers are already out with your money, enjoying their victory.
Business Email Compromise is a form of social engineering in the commercial world. BEC attacks can be detrimental, challenging and costly to any company. Unwittingly lending a hand in a fund transfer fraud scheme, sending confidential files, payroll fund diversion, sensitive data theft or sending gift card codes are all examples of BEC attacks.
Colleagues, executives and situations commonly impersonated:
EXISTING EMAIL THREAD INVOLVING FUNDS
PAYROLL DIRECT DEPOSIT (CHANGE/UPDATE NOTICE)
EXECUTIVE BRINGING ANOTHER UNEXPECTED HIGH AUTHORITY INTO THE EMAIL CONVERSATION
SPOOF EMAIL HEADERS
EMAIL ACCOUNT TAKEOVER
MOVING THE FUNDS OR ACCOUNT INFORMATION TO TRANSFER THE FUND
Learn how scammers are tricking employees out of huge sums of money:
A few ways to avoid being hit by a wire fraud attack:
Pay attention to the style of the email
Is it more urgent than usual?
Is the style of the email from that employee or executive the same or different?
Double check the email address of the sender, including the spelling on both sides of the @ sign
Are there spelling and grammar mistakes in the body of the email?
To confirm the authenticity of the email or to respond, don’t reply; instead, compose a new email and type the email address manually
Call the sender by phone and verify the request
Verify that the bank account matches the one in your system
Pay attention to whether the sender is leading you to bypass the company’s standard policies and procedures
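The sender check above (spelling on both sides of the @ sign, such as an I swapped for an L) can also be run automatically against addresses you already trust. This is an added example, not part of the original post; the trusted list, function names and sample addresses are constructed for illustration.

```python
# Constructed allow-list of addresses the finance team already trusts (assumption).
TRUSTED = {"william.hill@example.com", "accounts@example.com"}

# Characters commonly swapped in lookalike addresses, folded onto one form.
CONFUSABLE = str.maketrans({"l": "i", "1": "i", "|": "i", "0": "o"})


def skeleton(part: str) -> str:
    """Fold visually similar characters so lookalike spellings collide."""
    return part.translate(CONFUSABLE).replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one added, dropped or changed letter."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def near(a: str, b: str) -> bool:
    """True when two address parts look alike after folding, or differ by one edit."""
    return edit_distance(skeleton(a), skeleton(b)) <= 1


def split_addr(addr: str):
    local, _, domain = addr.strip().lower().rpartition("@")
    return local, domain


def classify(sender: str) -> str:
    """Return 'trusted', 'lookalike', 'unknown' or 'malformed' for a sender address."""
    local, domain = split_addr(sender)
    if not local or not domain:
        return "malformed"
    if f"{local}@{domain}" in TRUSTED:
        return "trusted"
    for known in TRUSTED:
        k_local, k_domain = split_addr(known)
        # Both sides of the @ sign must be close for the address to pass as the known one.
        if near(local, k_local) and near(domain, k_domain):
            return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for s in ["william.hill@example.com", "wiIliam.hill@example.com",
              "william.hill@exarnple.com", "news@vendor.test"]:
        print(f"{s:32} {classify(s)}")
```

A "lookalike" result should trigger the phone verification step, and "unknown" is not a clean bill of health: it only means the address does not resemble one on the list.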
Be proactive so that your company is not an easy target for a BEC attack. Along with cyber awareness training and a buttoned-up cybersecurity posture, it’s imperative to have cyber coverage for the times when an employee is tricked by a BEC attack.
A comprehensive cyber insurance policy will provide coverage for: