Business email compromise (BEC) is a type of cybercrime that targets businesses. In a BEC scam, criminals send emails that appear to be from a legitimate source, such as a vendor or a customer. The emails often contain requests for money or sensitive information. If the victim falls for the scam, the criminals can steal money or use the sensitive information to commit other crimes.
BEC scams are on the rise. In 2021, the FBI reported that BEC scams cost businesses over $26 billion. The average loss per BEC scam was $130,000.
There are many different types of BEC scams. Some common types of BEC scams include:
- Invoice scams: In an invoice scam, the criminals send an email that appears to be from a vendor. The email contains an invoice for goods or services that the business has not ordered. If the victim pays the invoice, the money goes to the criminals.
- Payment change requests: In a payment change request scam, the criminals send an email that appears to be from a customer. The email contains a request to change the payment method for an invoice. If the victim changes the payment method, the money goes to the criminals.
- Wire transfer scams: In a wire transfer scam, the criminals send an email that appears to be from a CEO or other high-ranking executive. The email contains a request to wire money to a specific account. If the victim wires the money, it goes to the criminals.
BEC scams are often successful because they are designed to trick the victim into believing that the email is legitimate. The criminals often use social engineering techniques to make the emails appear more legitimate. For example, they may use the names of real people or companies in the emails. They may also use the logos of real companies in the emails.
There are a number of things that businesses can do to protect themselves from BEC scams. These include:
- Employee training: Businesses should train their employees to be aware of BEC scams. Employees should be taught to be suspicious of any email that requests money or sensitive information. They should also be taught to verify the authenticity of emails before taking any action.
- Use of security software: Businesses should use security software to scan emails for viruses and other malware. This can help to protect businesses from BEC scams that are delivered through infected emails.
- Strong passwords: Businesses should require employees to use strong passwords for their email accounts. This can help to prevent criminals from gaining access to email accounts and sending BEC scams from those accounts.
- Multi-factor authentication: Businesses should consider using multi-factor authentication for their email accounts. This can add an extra layer of security that can help to prevent criminals from gaining access to email accounts.
BEC scams are a serious threat to businesses. By taking steps to protect themselves, businesses can help to reduce the risk of being targeted by BEC scams.
In addition to the above, businesses can also take the following steps to protect themselves from BEC scams:
- Be careful about clicking on links in emails: Criminals often use links in emails to redirect victims to malicious websites. If you receive an email from someone you don’t know, don’t click on any links in the email. Instead, type the website address into your browser yourself.
- Be careful about opening attachments in emails: Criminals often attach malicious files to emails. If you receive an email from someone you don’t know, don’t open any attachments in the email. Instead, delete the email.
- Be suspicious of any email that asks for personal information: Criminals often ask for personal information, such as passwords or credit card numbers, in emails. If you receive an email that asks for personal information, don’t provide it. Instead, contact the person or company that sent the email directly to verify the request.
By following these tips, businesses can help to protect themselves from BEC scams.
