Business email compromise (BEC) is when threat actors use email fraud to attack an organization and its employees, customers, or partners. BEC involves scammers impersonating an employee or executive at an organization or trusted vendor, such as your bank, in order to get access to funds or private information.
Over the years, BEC has included the compromise of personal emails and vendor emails, lawyer email accounts, requests for W-2 information, and fraudulent requests for large amounts of gift cards. Recently, the Cofense annual report found that 6% of reported malicious emails were BEC. According to a recent FBI internet crime report, BEC phishing cost victims $2.4 billion over the last year. With the rise of BEC, no secure email gateway is 100% effective in blocking attacks.
Many of these emails look authentic and seem to come from a trustworthy organization. Here are ways you can protect your business from email compromise.
- Use secondary channels or two-factor authentication
- Ensure email URLs are legitimate
- Do not resend login credentials in response to an email
- Verify the sender’s email address
- Come up with a crisis response plan that is right for your business
Visit the Cybersecurity and Infrastructure Security Agency’s website to learn more about planning where to start when implementing cybersecurity practices for your business.