Business email compromise is the costliest type of cybercrime, according to Fortune Magazine. A report from the FBI estimates that BEC scams were responsible for more than $2 billion of losses in 2021. That's a 33% increase over 2020.
What is Business Email Compromise?
Business Email Compromise (or BEC) is a type of cyberattack during which a hacker gains access to a legitimate email account and--by pretending to be the real owner of the email account--convinces someone to wire money to a bank account controlled by the hacker.
BEC scams are very easy to execute. Once a hacker takes control of a legitimate company email account, they look for opportunities to redirect funds. They target incoming or outgoing payments that are soon to be or are in the process of being transmitted. My company experienced this kind of cyberattack last year. A hacker gained access to our bookkeeper's email account and tricked a client into sending a $28,000 payment to the hacker's account.
This type of cyberattack happens so frequently that Fortune states:
"Crane Hassold, an expert on BEC scams and former cyber analyst with the FBI, has heard of federal prosecutors declining to take BEC cases unless several million dollars were stolen, a minimum threshold that speaks to how out of control the problem is. 'There’s so many of them they can’t possibly work them all,’ said Hassold, now director of threat intelligence at Abnormal Security."
Tips to Protect Your Business from BEC Scams
- Strengthen your email protection: Require your employees to use strong passwords and multi-factor authentication (MFA).
- Train your employees: Provide cybersecurity training for your employees to ensure that they are aware of BEC scams and other cyber risks. Training will also help them to understand and practice good cyber hygiene.
- Establish protocols: Make sure that your employees know what kinds of funds transfer requests they can expect via email and from whom. Set protocols that require that they verify through more than one means that the email sender is who they purport. For example, require that they call the individual using an already established telephone number.
Tools to Help Protect Your Business from BEC Scams
Take action now to protect your business or you are likely to regret it later. Take advantage of these free tools to help you get started:
- Cybersecurity Risk Assessment for Small Businesses (you'll need to create a free account and click the risk assessment tab on the navigation bar after you login)
- Cybersecurity Tools for Small Businesses