
Business Email Compromise: The Silent Threat Targeting Your Organisation

Anonymous | July 27, 2023

Email is an essential communication tool for businesses. However, with the rise of cybercrime, organisations face a growing threat called Business Email Compromise (BEC). BEC scams target businesses of all sizes to deceive employees into transferring funds, revealing sensitive information, or initiating fraudulent activities. In this blog post, we will explore Business Email Compromise, its common techniques, and vital steps to protect your organisation from falling victim to these costly scams.

Understanding Business Email Compromise

Business Email Compromise refers to a type of cyberattack in which fraudsters gain unauthorised access to a company's email accounts, usually by exploiting human vulnerabilities rather than relying on technical weaknesses. These scams are sophisticated and frequently involve impersonating executives, suppliers, or clients to deceive employees and manipulate them into taking unauthorised actions.

According to the Australian Cyber Security Centre (ACSC), self-reported losses from BEC increased substantially in 2021-22, totalling over $98 million. Nationally, the average financial loss per successful BEC incident rose to more than $64,000.

Scamwatch data revealed that businesses of all sizes were targets. Small and micro businesses incurred a staggering $13.7 million in losses due to scams, a 95% increase on 2021, with BEC the primary contributing factor.

Common Techniques Used in BEC Attacks

Phishing Emails

Fraudsters send convincing emails that mimic legitimate business correspondence, urging recipients to disclose sensitive information, initiate wire transfers, or click on malicious links.

CEO Fraud

Attackers impersonate high-level executives, using their authority to request urgent transfers of funds or confidential information from employees.

Invoice and Payment Fraud

Scammers pose as legitimate suppliers or vendors, tricking employees into changing payment details or transferring funds to fraudulent accounts.

Account Compromise

By gaining unauthorised access to an employee's email account, attackers monitor conversations, collect intelligence, and initiate fraudulent activities under the employee's identity.

Protecting Your Business

While educating employees is the most effective way of defending your business from the threat of BEC, there are a number of other methods that can be used to further reduce the risk of a successful attack.

Employee Education

Conduct regular cybersecurity awareness training sessions to educate employees about the risks and warning signs of BEC scams. Teach them to verify sender email addresses (not just the display name), to scrutinise emails for urgent or unusual requests, and to report suspicious emails.

Multi-Factor Authentication (MFA)

Enable MFA for all email accounts to add an extra layer of security. This means that a compromised password on its own is not enough for an attacker to log in to the mailbox.

Email Security

Implement email filtering solutions that can detect and block malicious emails, phishing attempts, and suspicious attachments or links.
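The filtering rules described above can be illustrated with a small scanner. The following is an added example, not code from the original post or from Step Fwd IT, that checks a message for four classic BEC indicators: an executive's display name arriving from an external domain (CEO fraud), a Reply-To domain that differs from the sender domain, a sender domain that closely resembles a trusted supplier or the organisation's own domain (invoice fraud), and urgent language combined with payment wording. The organisation domain, executive names, supplier domain and sample messages are all constructed for the example.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Constructed assumptions for this example: the organisation's own domain,
# the executives most likely to be impersonated, and trusted supplier domains.
OUR_DOMAIN = "example.com"
EXECUTIVES = {"Jane Smith", "Robert Lee"}
SUPPLIER_DOMAINS = {"acme-supplies.com"}

URGENCY = re.compile(r"\b(urgent|asap|immediately|today|confidential)\b", re.I)
PAYMENT = re.compile(
    r"\b(wire|transfer|bank (details|account)|invoice|payment details|bsb)\b", re.I
)


def domain_of(address):
    """Lower-cased domain part of an email address, or '' if there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def is_lookalike(domain, trusted):
    """True when domain closely resembles a trusted domain without being it."""
    if not domain or domain == trusted:
        return False
    return SequenceMatcher(None, domain, trusted).ratio() >= 0.85


def bec_indicators(raw_email):
    """Return the list of BEC warning signs found in one RFC 822 message."""
    msg = message_from_string(raw_email)
    display, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    reply_dom = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = msg.get("Subject", "") + "\n" + body

    findings = []
    # Display-name impersonation: a known executive's name, but mail sent from outside.
    if display in EXECUTIVES and from_dom != OUR_DOMAIN:
        findings.append("executive display name from external domain")
    # Replies silently redirected to a different domain than the one shown.
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to domain differs from sender domain")
    # Lookalike domains registered to impersonate a supplier or the organisation.
    for trusted in SUPPLIER_DOMAINS | {OUR_DOMAIN}:
        if is_lookalike(from_dom, trusted):
            findings.append(f"sender domain resembles {trusted}")
    # Pressure plus money: the social-engineering signature of most BEC lures.
    if URGENCY.search(text) and PAYMENT.search(text):
        findings.append("urgent payment language")
    return findings


# Constructed sample messages, not real mail.
SAMPLES = {
    "ceo_fraud": (
        "From: Jane Smith <ceo.office@gmail.com>\n"
        "Subject: Urgent wire transfer\n\n"
        "I need you to process a wire transfer today. Keep this confidential.\n"
    ),
    "invoice_redirect": (
        "From: Accounts <accounts@acme-supplies.com>\n"
        "Reply-To: accounts@acme-supp1ies.com\n"
        "Subject: Updated bank details\n\n"
        "Please update our bank details immediately for the attached invoice.\n"
    ),
    "lookalike_supplier": (
        "From: Accounts <accounts@acme-supp1ies.com>\n"
        "Subject: Invoice 1042\n\n"
        "New payment details apply to this invoice, please action asap.\n"
    ),
    "benign": (
        "From: Jane Smith <jane.smith@example.com>\n"
        "Subject: Team lunch\n\n"
        "Friday at noon, same place as last month.\n"
    ),
}


def scan_samples():
    """Run the detector over every constructed sample; returns name -> findings."""
    return {name: bec_indicators(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, findings in scan_samples().items():
        print(f"{name}: {findings or 'no indicators'}")
```

These checks are heuristics for triage and user warnings, not a replacement for authenticated mail (SPF, DKIM and DMARC); the lookalike test in particular is a simple similarity ratio and should be tuned against the domains a given organisation actually corresponds with.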

Vendor/Supplier Verification

Establish strict verification procedures for changes to vendor or supplier payment details. Independently confirm any requests for financial changes through a known and verified contact.

Strong Password Policies

Enforce strong password policies across the organisation. Encourage employees to use unique, complex passwords and regularly update them.

Encrypted Communications

Utilise secure communication channels, such as encrypted email services or Virtual Private Networks (VPNs), to protect sensitive information.

Payment Approval Processes

Implement multi-level approval processes for financial transactions, especially for wire transfers and large payments. This ensures that no single individual has the sole authority to initiate such transactions.
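The vendor verification and payment approval controls described in the two sections above can be expressed as a single release check. The following is an added example, not code from the original post or from Step Fwd IT: a payment is released only if the initiator is not also an approver, large payments carry two distinct approvals, and any payee account that differs from the details on record has been confirmed by a recent call-back to a previously known contact. The threshold, the call-back validity window and the vendor account on record are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional

# Constructed policy values for this example; real figures are set by the organisation.
DUAL_APPROVAL_THRESHOLD = 10_000.00   # payments at or above this need two approvers
CALLBACK_MAX_AGE = timedelta(days=7)  # how recent a verified call-back must be

# Bank details on record for each supplier (constructed sample data).
VENDOR_ACCOUNTS = {"Acme Supplies": "BSB 123-456 ACC 11112222"}


@dataclass
class PaymentRequest:
    vendor: str
    amount: float
    payee_account: str
    initiator: str
    approvers: List[str] = field(default_factory=list)
    # When the payee account differs from the record: the time at which someone
    # confirmed the change by calling the vendor on a previously known number.
    callback_verified_at: Optional[datetime] = None


def control_failures(req, now):
    """Return the reasons the payment must not be released (empty list = OK)."""
    failures = []
    # Segregation of duties: the person who raised the payment cannot approve it.
    if req.initiator in req.approvers:
        failures.append("initiator cannot approve their own request")
    if not req.approvers:
        failures.append("no approver")
    # Multi-level approval for large transfers.
    if req.amount >= DUAL_APPROVAL_THRESHOLD and len(set(req.approvers)) < 2:
        failures.append("two distinct approvers required above threshold")
    # Changed bank details are the core of invoice fraud: insist on an
    # independent call-back, and do not accept one that is too old.
    on_record = VENDOR_ACCOUNTS.get(req.vendor)
    if req.payee_account != on_record:
        if req.callback_verified_at is None:
            failures.append("payee account changed without call-back verification")
        elif now - req.callback_verified_at > CALLBACK_MAX_AGE:
            failures.append("call-back verification is stale")
    return failures


def release_payment(req, now=None):
    """True only when every control passes."""
    return not control_failures(req, now or datetime.now())


if __name__ == "__main__":
    now = datetime(2023, 7, 27, 9, 0)
    redirect = PaymentRequest("Acme Supplies", 5_000, "BSB 999-999 ACC 77778888",
                              "alice", ["bob"])
    print(control_failures(redirect, now))
```

The call-back must be made to a number already held on file, never to one supplied in the email requesting the change, which is why the code records only the time of verification and leaves the contact details to the vendor master record.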

Incident Response Plan

Develop and regularly update an incident response plan that outlines the steps to be taken in case of a suspected or confirmed BEC incident. This plan should include a designated team, communication protocols, and contact information for law enforcement.

Step Fwd IT Can Help

Business Email Compromise scams continue to evolve and pose significant financial risks to organisations around the globe. By understanding the tactics employed by scammers and implementing proactive security measures, businesses can mitigate the threat of BEC. Educating employees, enhancing email security, and establishing robust processes can help safeguard your organisation from falling victim to these costly scams. Remember, vigilance and a proactive approach are crucial in defending against Business Email Compromise.

At Step Fwd IT, our cybersecurity experts will collaborate with you to tailor a comprehensive solution to the unique requirements of your organisation. This is what we call our 'You. Us. Together.' approach, and it is what sets us apart.

Reach out today for a free initial consultation and safeguard your business from the rising threat of Business Email Compromise.
