Email scams have become a significant threat, particularly in the form of Business Email Compromise (BEC), also known as Email Account Compromise (EAC). These scams exploit our reliance on email for business transactions and personal communication, leading to substantial financial losses. In 2023 alone, the FBI's Internet Crime Complaint Center (IC3) reported that 21,489 BEC scams caused losses exceeding $2.9 billion, highlighting the pervasive and costly nature of these attacks.
What is Business Email Compromise?
BEC scams are sophisticated schemes where criminals pose as legitimate business contacts to deceive victims into transferring money or sensitive information. Here are some real-world examples of how these scams are executed:
A vendor your company regularly deals with sends an invoice with an updated mailing address.
A company CEO asks her assistant to purchase dozens of gift cards for employee rewards and requests the serial numbers for immediate distribution.
A homebuyer receives an email from his title company with new wiring instructions for his down payment.
In each of these cases, the messages were fraudulent, leading to significant financial losses for the victims.
How Do Criminals Execute BEC Scams?
Scammers employ various tactics to carry out BEC schemes, including:
Email Spoofing: They create email addresses that closely resemble legitimate ones (e.g., john.kelly@examplecompany.com vs. john.kelley@examplecompany.com) to deceive victims.
Spear Phishing: These targeted emails appear to be from trusted sources, tricking recipients into disclosing confidential information that allows scammers to infiltrate company accounts.
Malware: Malicious software infiltrates company networks, providing scammers with access to email threads about billing and invoices. This access enables them to time their fraudulent requests perfectly, ensuring they go unnoticed.
How to Protect Yourself
Here are essential tips to safeguard yourself from BEC scams:
Be Cautious with Personal Information: Avoid sharing details like pet names, schools attended, family member links, and birthdays online or on social media, as these can help scammers guess your passwords or answer security questions.
Avoid Unsolicited Links: Do not click on links or attachments in unsolicited emails or text messages asking you to update or verify account information. Instead, look up the company's contact details independently and confirm the request.
Examine Correspondence Carefully: Scrutinize email addresses, URLs, and spelling in any correspondence. Scammers often use subtle differences to trick your eye.
Be Cautious with Downloads: Never open email attachments from unknown senders, and be wary of attachments forwarded from known contacts.
Use Multi-Factor Authentication: Enable two-factor or multi-factor authentication on accounts that offer it, and never disable these security measures.
Verify Requests Independently: Confirm payment and purchase requests in person if possible, or call the person making the request to ensure its legitimacy. Always verify any changes in account numbers or payment procedures directly with the requester.
Beware of Urgent Requests: Be especially suspicious if the requester pressures you to act quickly.
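The lookalike-address tactic and the "Examine Correspondence Carefully" tip above can be partly automated. The following Python example is added here and is not part of the original article; it compares a sender address against a list of trusted contacts and flags near matches. The trusted list, the vendor address and the distance threshold of 2 are assumptions made for illustration.

```python
# Added example: flag sender addresses that nearly match a trusted contact.
# TRUSTED and max_distance are illustrative assumptions, not from the article.

def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Count a swap of two adjacent characters as a single edit.
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]


def check_sender(sender, trusted, max_distance=2):
    """Return (verdict, closest_trusted_address, distance)."""
    s = sender.strip().lower()
    known = sorted({t.strip().lower() for t in trusted})
    if s in known:
        return ("trusted", s, 0)
    if known:
        best = min(known, key=lambda t: edit_distance(s, t))
        d = edit_distance(s, best)
        if d <= max_distance:
            # Close to a known contact but not identical: treat as suspicious.
            return ("lookalike", best, d)
    return ("unknown", None, None)


# Constructed sample data; the first address is the article's own example.
TRUSTED = ["john.kelly@examplecompany.com", "billing@examplevendor.com"]

if __name__ == "__main__":
    for addr in ["john.kelley@examplecompany.com",
                 "John.Kelly@ExampleCompany.com",
                 "billing@exampelvendor.com",
                 "someone@unrelated.org"]:
        print(addr, "->", check_sender(addr, TRUSTED))
```

A "lookalike" verdict is a prompt to verify the request through an independent channel, not proof of fraud; an "unknown" verdict says nothing about whether the sender is legitimate.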
By following these tips, you can significantly reduce the risk of falling victim to BEC scams. Stay vigilant and always verify the legitimacy of requests to protect yourself and your business from these sophisticated cyber threats.
Additionally, partnering with a specialized recruitment firm like Rekruitd can enhance your defense against these threats. Rekruitd specializes in finding the right IT and cybersecurity professionals to meet our customers' needs. Our experts are adept at identifying vulnerabilities within your organization's email systems and implementing robust security measures. By bringing in top-tier cybersecurity talent, Rekruitd helps companies fortify their defenses, ensuring they have the skilled professionals necessary to detect, prevent, and respond to BEC scams and other cyber threats. This proactive approach not only mitigates risks but also provides peace of mind, knowing that your organization is well-protected by industry-leading experts.