How to Recognize a Business Email Compromise Attack

Do you know how to recognize and protect your employees and yourself from a wire fraud and business email compromise attack?

Hackers have found a way to steal from businesses without hacking or infiltrating your operations or network system. Hackers can simply utilize email as a tool to convince employees to voluntarily transfer money with deception techniques. Hacker uses an
email address made to look almost identical to the email of a company’s CEO or an high ranking executive with only slight differences that most employees wouldn’t notice.  They’ll replace and I to L, for example, with an urgent email to wire funds to a financial institution or transfer money in a provided account.  This right here is a combination of cyber attack – namely ‘Business Email Compromise’ with end goal of ‘Fund Transfer Fraud’.  Sadly, this fraudulent transaction is pretty much impossible to reverse as by the time its recognized as a fraud, the hackers are already out with your money, enjoying victory.

Business Email Compromise is a form of social engineering in a commercial world.  These BEC attacks can be detrimental, challenging and costly to any company.  Falsely lending a hand in a fund transfer fraud scheme, sending confidential files, payroll fund diversion, sensitive data theft or sending gift card codes are all examples of BEC attack.

Common colleagues, executives and situations to impersonate:

• CEO
• VENDOR
• EXISTING EMAIL THREAD INVOLVING FUNDS
• PAYROLL DIRECT DEPOSIT (CHANGE/UDPATE NOTICE)
• EXECUTIVE BRINING IN ANOTHER UNEXPECTED HIGH AUTHORITY INTO EMAIL CONVERSATION
• SPOOF EMAIL HEADERS
• LOOKALIKE DOMAINS
• EMAIL ACCOUNT TAKEOVER
• MOVING THE FUNDS OR ACCOUNT INFORMATION TO TRANSFER THE FUND

Learn how scammers are tricking employees of huge sums of money:

Few ways to avoid being hit by a wire fraud attack:

• Pay attention to the style of the email
• Is it more urgent than usual?
• Is the style of the email from that employee or executive same as different?
• Double check the email address of the sender, including the spelling on both side of the @ sign
• Are there spelling and grammar mistakes in the body of the email?
• To confirm authenticity of the email or respond, don’t reply but instead compose new email and type the email manually
• Call the sender by phone and verify the request
• Verify that the bank account matches the one in your system
• Pay attention whether the sender is leading you to bypass company’s standard policy and procedures

Be proactive in avoiding BEC attack to be an easy target for your company.  Along with having cyber awareness training, buttoned up cybersecurity posture, its imperative to have cyber coverage for the times that an employee is tricked into BEC attack.

A Comprehensive cyber Insurance policy will provide coverage for:

• Social Engineering & Cyber Crime
• Computer & Fund Transfer Fraud
• Ransomware and Cyber Extortion
• Breach Response and Remediation
• Digital Asset Restoration
• Business Interruption
• Regulatory & Industry Fees, Fines & Penalties
• Network Security and Privacy Liability
• Credit Monitoring Services