What is Business Email Compromise and How Can You Protect Your Business From It?

October 2, 2023
Home
/
Blog
/
What is Business Email Compromise and How Can You Protect Your Business From It?

October marks the beginning of Cybersecurity Awareness Month. For business owners, cybersecurity should be a year-round priority, but this dedicated month serves as an essential reminder to re-evaluate security practices. One of the most pressing threats in today's digital landscape is business email compromise (BEC). Read along to learn more about what BEC is and learn strategies to tackle this cyber threat.

What is Business Email Compromise (BEC)?

Business email compromise, often referred to as BEC, is a sophisticated and malicious cyberattack that targets organizations, their employees, and their financial assets.  According to the FBI, BEC  “is one of the most financially damaging online crimes.” This attack hinges on impersonation and manipulation, where cybercriminals deceive employees into thinking they are communicating with a trusted colleague or superior. Once trust is established, the attacker tricks the victim into taking actions that benefit the attacker. BEC attacks typically come in three primary forms:

  • CEO Fraud: In this scenario, cybercriminals impersonate a high-ranking executive, such as the CEO or CFO, and request that employees transfer funds, share sensitive data, or engage in other activities that compromise the company's security.
  • Invoice Fraud: Attackers compromise a supplier's or vendor's email account to send fraudulent invoices to the target organization. These invoices appear legitimate, convincing employees to make payments to the criminal's account.
  • Employee Impersonation: Cybercriminals impersonate an employee, often someone in the finance or HR department, to mislead colleagues into sharing confidential information, such as employee records or financial data.

Example of How Most BEC Attacks Happen 

A BEC attack can come in many forms. Here is a quick guide to help you spot infected emails: 

  • Falsified sender domain
  • Includes spelling and grammatical mistakes
  • Emphasizes urgency in both the email subject and content
  • Demands a monetary transfer
  • The requestor holds a prominent role within the organization

How to Tackle Business Email Compromise (BEC):

Protecting your business from BEC attacks requires a multifaceted approach that encompasses technology, education, and vigilance. Here are some effective strategies to help safeguard your organization:

Employee Training and Awareness

Educate your employees about the dangers of BEC attacks. Train them to recognize common BEC red flags, such as unusual requests for fund transfers or sensitive information. Encourage a culture of vigilance when dealing with email requests, even if they appear to come from trusted sources.

Passwords & Multi-Factor Authentication (MFA)

Ensure that your organization enforces strong password policies, including regular password changes and the use of complex passwords.

Enforce MFA for all email accounts and sensitive systems. This adds an extra layer of security by requiring users to provide multiple forms of verification before accessing their accounts.

Verify Requests for Money or Sensitive Information

Before acting on any email request for fund transfers or sensitive data, have a secondary verification process in place. This could involve a phone call to the requester using a known and trusted phone number.

Incident Response Plan

Develop and regularly update an incident response plan specific to BEC incidents. This plan should outline the steps to take in the event of a suspected or confirmed BEC attack, including reporting the incident to the appropriate authorities.

                                              ____________________________________________

As we observe Cybersecurity Awareness Month, remember that cybersecurity is not a one-time effort but an ongoing commitment. By understanding the threat of business email compromise and implementing robust security measures, you can protect your business, your employees, and your bottom line from the perils of cybercrime. Stay vigilant, stay secure, and keep your business safe in the digital age.

Please note: The content in this article comes from individual opinions and experiences. The content should not be taken as advice coming from City National Bank of Florida. City National Bank of Florida does not offer tax, legal or accounting advice.

Sources: 

CISA.gov

FBI.gov



Related Posts

Business
Fighting Financial Fraud: Signs of a Potential Business Email Compromise Attack
February 23, 2024
Business
Honoring Black History Month with CatWalk Pros
February 15, 2024
Business
Celebrating Our Community: Small Business Saturday
November 17, 2023

Stay Connected

Sign up for our newsletter to stay up to date on banking, product and service updates!

sign up

connect

Banking Center & ATM LocatorContact UsAbout UsHistoryCareersInsightsFAQs

other

Strength and StabilityInsured Cash Sweep (ICS) ServiceFDIC Insurance InformationFraud Prevention & Security CenterNewsroomBank Holidays

legal

Privacy PolicyDisclosures
© 2024 City National Bank of Florida

x

You will be linking to another website not owned or operated by City National Bank of Florida. City National Bank of Florida is not responsible for the availability or content of this website and does not represent either the linked website or you, should you enter into a transaction.

The inclusion of any hyperlink does not imply any endorsement, investigation, verification or monitoring by City National Bank of Florida of any information in any hyperlinked site. We encourage you to review their privacy and security policies which may differ from City National Bank of Florida. If you "Proceed", the link will open in a new window.
continue >