Malware Data TheftThe FBI recently reported that Business Email Compromise (BEC) scams cost businesses $5.3 billion between 2013 to 2016.  Worse yet,  cloud-security vendor Trend Micro predicts these losses will exceed $9 billion by the end of 2018.

How does a Business Email Compromise work?

Here’s an example. An elaborate BEC scam by Lithuanian Evaldas Rimasauskas convinced Facebook and Google employees to transfer tens of millions of dollars to him. Rimasauskas used invoices and corporate stamps to impersonate a foreign manufacturer.. While the scam was eventually detected, a security awareness training program could have prevented the problem in the first place.  Even big companies often over-estimate the security awareness of their staffs and wind up paying the price.

What are the most common types of BEC exploits?

  • Fake Invoice Schemes

     Attackers send a fake invoice, usually impersonating a foreign supplier

  • CEO Fraud       

    Attackers pretend to be a company executive and demand an urgent wire transfer from a junior employee

  • Account Compromise

    Attacker hacks an employee email account and requests payments from vendors

  • Attorney Impersonation

    Attackers impersonate a lawyer or other official who handles confidential information, and requests more sensitive data.

  • Data Theft   

    Attackers target HR and accounting employees to steal sensitive data, including tax information.

 

How can I reduce the risk of BEC scams?

  • Motivate Your Workforce to Care About Security with recurring and consistent security awareness training.  One-and-done training just doesn’t cut it !

  • You can send your employees realistic attack simulations to increase their awareness of BEC attacks.   Simulation training shows them what to look for so that awareness is raised.  If your employee falls victim to the simulated exploit, initiate a remedial training for them until they get it right.

  • Institute SPAM scrubbing technology on all incoming e-mails from a leader in malware detection to reduce the amount of BES exploits getting through to your staff.

 

  • Implement pattern recognition software that can detect confidential information in outgoing e-mails before it leaves your business to warning of confidential data leakage.

If you need help creating an effective security plan that includes BEC exploit protection, give us a call at (847) 639-7000 or e-mail support@act4networks.com