What is Business Email Compromise (BEC)?
Business Email Compromise (BEC) is a targeted scam that relies on social engineering. The goal is to trick someone into taking harmful actions, like sharing sensitive business data, revealing account credentials, transferring money to a fraudulent account, or clicking malicious links or attachments. Cybercriminals carefully plan these attacks, often pretending to be trusted colleagues, executives, or business partners to make their requests convincing. Unlike generic phishing scams, which target large groups, BEC focuses on specific individuals or organisations, making them harder to spot and more damaging when successful.
The rise of cloud-based systems and the increasing use of email for business communications have made BEC more popular and effective. With more businesses relying on email for day-to-day operations, cybercriminals are taking advantage of this trusted communication channel to exploit human error and gain access to sensitive information.
Common techniques used in BEC scams
BEC scams rely on a range of clever tactics to deceive businesses. Here are some of the most common techniques cybercriminals use:
- Compromised accounts: One of the most common tactics in BEC attacks is using compromised email accounts. When cybercriminals gain access to an employee’s account, they can email contacts within the organisation, requesting payments or sensitive information. This tactic, also known as Email Account Compromise (EAC), uses the hacked account to make the scam look authentic and trustworthy.
- Impersonation: Attackers pose as a legitimate supplier and send fake invoices that appear to come from that supplier. These scams often target international businesses: the scammers request payment for goods or services, but the funds are directed to accounts they control.
- Invoice fraud: Fraudulent invoices are common in BEC attacks. Scammers pose as suppliers and request payments to fake accounts, often creating invoices that look nearly identical to legitimate ones. These scams rely on trust and can be difficult to spot without careful verification.
- Payroll diverts: Another tactic in BEC attacks is emailing the payroll team from a compromised account to request changes to payroll details. This can involve redirecting employees’ pay cheques to fraudulent bank accounts, causing significant financial loss.
- Domain spoofing: In this tactic, attackers register a domain name that closely resembles a legitimate company’s name, hoping to trick people into thinking the email is from a trusted source.
How to protect against BEC
Protecting your business from BEC requires a combination of technology, processes, and awareness. Here are some essential steps you can take to strengthen your defences:
- Enable Multi-Factor Authentication (MFA): MFA adds an extra layer of security by requiring a second form of verification, making it harder for cybercriminals to gain access to your accounts.
- Use email filtering: Implement email filtering tools to block suspicious or malicious messages before they reach your inbox.
- Build a culture of cyber security awareness: Train your staff to recognise phishing attempts and educate them about the latest BEC tactics. The more informed they are, the less likely they are to fall for scams.
- Implement clear business processes: Create clear procedures for verifying requests for payments or sensitive information. Always double-check requests with trusted channels, especially for unusual or urgent transactions.
- Renew domain names and register additional domains: Protect your business’s online presence by renewing your domain names regularly and registering additional domains to prevent attackers from using similar names to impersonate you.
- Protect employee contact information: Be cautious about where you share contact details, especially for departments like accounts, finance, or HR, which are commonly targeted in BEC attacks.
- Be mindful of privacy: Avoid revealing personal details online, such as your job title, email address, or other contact information that could be used to target you in a scam.
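As an added illustration of what the "email filtering" step above can look like in practice against the techniques listed earlier (domain spoofing, compromised-account payroll requests and invoice fraud), the script below scores inbound messages for the common BEC indicators. It is example code written for this page, not Bekkers' tooling or any product's filtering logic; the organisation domain, trusted supplier domains, executive names, homoglyph table and sample messages are all constructed, and the rules are deliberately simple heuristics that a real mail gateway would combine with SPF/DKIM/DMARC results.

```python
"""
Added example (not from the original article): a small triage rule set that
flags inbound messages showing the BEC patterns the article lists: lookalike
(spoofed) sender domains, display-name impersonation of internal staff, a
Reply-To that points somewhere other than the sender, and payment/payroll
change requests aimed at finance or HR. All addresses, names and sample
messages below are constructed for the example.
"""
import re
from email.utils import parseaddr

# Assumed organisation data (constructed): your own domain, known supplier
# domains, and the display names of staff that attackers like to impersonate.
OWN_DOMAIN = "example-company.com"
TRUSTED_DOMAINS = {"example-company.com", "acme-supplies.com"}
EXECUTIVE_NAMES = {"jane smith", "john doe"}
TARGETED_MAILBOXES = {"accounts", "finance", "payroll", "hr"}

# Character substitutions commonly used to build lookalike domains.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

PAYMENT_WORDS = re.compile(
    r"\b(wire|bank details|account number|bsb|invoice|payroll|direct deposit|urgent)\b",
    re.IGNORECASE,
)


def normalise_domain(domain: str) -> str:
    """Collapse homoglyph substitutions so 'examp1e-c0mpany' compares as 'example-company'."""
    d = domain.lower()
    for fake, real in HOMOGLYPHS.items():
        d = d.replace(fake, real)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one- or two-character domain variants."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str) -> bool:
    """True if the domain is not trusted but, after homoglyph normalisation, is
    within two edits of a trusted domain, or carries a trusted name as one of
    its labels (e.g. example-company.com.evil-host.net)."""
    domain = domain.lower()
    if domain in TRUSTED_DOMAINS:
        return False
    norm = normalise_domain(domain)
    labels = domain.split(".")
    for trusted in TRUSTED_DOMAINS:
        if edit_distance(norm, trusted) <= 2:
            return True
        if trusted.split(".")[0] in labels:
            return True
    return False


def triage(msg: dict) -> list:
    """Return the list of BEC indicators found in one message.
    msg keys (constructed format): from, reply_to (optional), to, subject, body."""
    findings = []
    display, sender = parseaddr(msg["from"])
    sender_domain = sender.rsplit("@", 1)[-1].lower()

    if is_lookalike(sender_domain):
        findings.append(f"lookalike sender domain: {sender_domain}")

    # Display-name impersonation: an executive's name on a message that did not
    # come from the organisation's own domain.
    if display.strip().lower() in EXECUTIVE_NAMES and sender_domain != OWN_DOMAIN:
        findings.append(f"display name '{display}' used from external domain {sender_domain}")

    # A Reply-To pointing away from the sender silently redirects the conversation.
    reply_to = parseaddr(msg.get("reply_to", ""))[1]
    if reply_to and reply_to.rsplit("@", 1)[-1].lower() != sender_domain:
        findings.append(f"reply-to domain differs from sender: {reply_to}")

    # Payment or payroll-change language aimed at the departments BEC targets.
    recipient = parseaddr(msg["to"])[1].lower()
    text = f"{msg.get('subject', '')} {msg.get('body', '')}"
    if recipient.split("@")[0] in TARGETED_MAILBOXES and PAYMENT_WORDS.search(text):
        findings.append("payment/payroll request sent to a finance or HR mailbox")

    return findings


# Constructed sample messages: a spoofed-domain invoice, a payroll diversion
# sent under an executive's name from an external account, and a benign one.
SAMPLES = [
    {
        "from": "Accounts <billing@acme-supp1ies.com>",
        "to": "accounts@example-company.com",
        "subject": "Updated invoice - new bank details",
        "body": "Please note our account number has changed for this invoice.",
    },
    {
        "from": "Jane Smith <jane.smith@webmail-host.example>",
        "reply_to": "jane.smith.ceo@other-mail.example",
        "to": "payroll@example-company.com",
        "subject": "Urgent: change my direct deposit",
        "body": "Can you switch my direct deposit to a new account before the next payroll run?",
    },
    {
        "from": "John Doe <john.doe@example-company.com>",
        "to": "team@example-company.com",
        "subject": "Lunch on Friday",
        "body": "Booking a table at noon, let me know if you can make it.",
    },
]


def run_samples() -> list:
    """Triage every constructed sample and return the findings per message."""
    return [triage(m) for m in SAMPLES]


if __name__ == "__main__":
    for msg, findings in zip(SAMPLES, run_samples()):
        print(msg["from"], "->", findings or ["clean"])
```

A message with any finding is a candidate for quarantine or, at minimum, a warning banner and an out-of-band check with the supposed sender, which is the "verify through trusted channels" process the list above recommends; the heuristics deliberately err on the side of flagging, since a false positive costs a phone call and a false negative can cost a payment.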
How Bekkers Can Help
With nearly 35 years of experience, Bekkers has built a trusted reputation for delivering reliable technology solutions and expert cyber security services, including protection against growing threats like BEC. Our highly skilled team is dedicated to helping you navigate the complex digital world, offering tailored IT services to keep your systems secure and your business running smoothly.
We take a proactive approach to cyber security, providing 24/7 support and monitoring to keep your business protected from ever-evolving threats. Our focus on customer service means you’ll have a trusted partner in safeguarding your business from attacks, with solutions designed to meet your specific needs.
Ready to protect your business from BEC and more? Contact us here or on +61 8 9422 6777.