If Business Email Compromise (BEC) doesn’t ring a bell, you might have heard of it under another name such as “man in the email attack”, “bogus invoice scheme” or “CEO fraud/impersonation”. BEC happens when an attacker either takes over a legitimate corporate mailbox (via phishing websites, credential theft or malware) or imitates one through a spoofed or lookalike domain, and then impersonates the real owner of the account to get money from the victims.
The goal of the attack is to deceive and defraud the organisation, its employees, partners or customers. Because the email appears to come from a known contact, or from a domain that looks like one, its content seems “legit” to the receiver.
Why should finance professionals pay attention to BECs?
Together with high-level executives, professionals working in finance departments are the most targeted by cybercriminals because they control budgets, payroll and payment approvals.
Any business that makes regular payments can be a victim of a cyber attack like BEC. Whether you work for a big enterprise, a school, a non-profit organisation or a small family business, you might be on the radar of attackers as you’re reading this.
The most common pretexts in business email compromise
1. A fraudulent invoice scam: A vendor that your company regularly deals with sends an invoice with an updated mailing address.
2. Fake boss scam: A company CEO asks her assistant to purchase dozens of gift cards to send out as employee rewards. She asks for the serial numbers so she can email them out right away.
3. Fake company request: A homebuyer receives a message from his title company with instructions on how to wire his down payment.
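All three pretexts above tend to leave traces in the message itself: a known name on an unfamiliar address, a sender domain one character away from the real one, a Reply-To that quietly redirects the conversation, missing or failed SPF/DKIM/DMARC results, and a body that talks about gift cards, wires or updated bank details. The Python script below is an added example and is not code from the original article; it parses a message with the standard library and reports these red flags. The organisation domain `example.com`, the CEO `Jane Doe <jane.doe@example.com>`, the lookalike domain `examp1e.com` and both sample messages are constructed for the example.

```python
"""
Header and content checks for the BEC pretexts described above.
Added example, not code from the original article. All names below are
constructed: the organisation's domain is example.com and its CEO is
Jane Doe <jane.doe@example.com>.
"""
import email
from email import policy
from email.utils import parseaddr

OWN_DOMAIN = "example.com"
# Constructed directory of people whose names an attacker would borrow.
KNOWN_PEOPLE = {"Jane Doe": "jane.doe@example.com"}

# Words that commonly appear in the invoice, gift-card and wire pretexts.
PAYMENT_KEYWORDS = ("gift card", "wire transfer", "updated bank",
                    "new account", "invoice", "urgent")

# Constructed "fake boss" message: lookalike domain, webmail Reply-To, gift cards.
SUSPICIOUS_MESSAGE = """\
From: Jane Doe <jane.doe@examp1e.com>
To: assistant@example.com
Reply-To: Jane Doe <jane.doe.ceo@webmail.invalid>
Subject: Quick favour
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=examp1e.com; dkim=none; dmarc=none
Content-Type: text/plain; charset="utf-8"

Hi, I need you to buy 20 gift cards for employee rewards this afternoon.
Send me the serial numbers as soon as you have them so I can email them out.
Jane
"""

# Constructed benign message from the real mailbox, for comparison.
BENIGN_MESSAGE = """\
From: Jane Doe <jane.doe@example.com>
To: assistant@example.com
Subject: Board pack
Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass
Content-Type: text/plain; charset="utf-8"

Could you print the board pack for tomorrow's meeting? Thanks, Jane
"""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike domains (examp1e vs example)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def domain_of(addr: str) -> str:
    """Lower-cased domain part of an address (empty string if there is none)."""
    return addr.rpartition("@")[2].lower()


def bec_indicators(raw_message: str, own_domain: str = OWN_DOMAIN,
                   known_people: dict = KNOWN_PEOPLE) -> list:
    """Return human-readable red flags found in one RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    flags = []

    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    from_domain = domain_of(from_addr)

    # 1. Display-name impersonation: a known name on an address that is not theirs.
    for name, real_addr in known_people.items():
        if from_name.strip().lower() == name.lower() and from_addr.lower() != real_addr.lower():
            flags.append(f"display-name impersonation: '{from_name}' sent from {from_addr}")

    # 2. Lookalike sender domain: one or two characters away from our own.
    if from_domain != own_domain and edit_distance(from_domain, own_domain) <= 2:
        flags.append(f"lookalike sender domain: {from_domain} resembles {own_domain}")

    # 3. Reply-To pointing somewhere other than the sender's domain.
    reply_to = msg.get("Reply-To")
    if reply_to:
        _, rt_addr = parseaddr(str(reply_to))
        if domain_of(rt_addr) != from_domain:
            flags.append(f"Reply-To redirects replies to {rt_addr}")

    # 4. SPF/DKIM/DMARC failures recorded by the receiving mail server.
    auth = str(msg.get("Authentication-Results", "")).lower()
    for mech in ("spf", "dkim", "dmarc"):
        if f"{mech}=fail" in auth:
            flags.append(f"{mech.upper()} check failed")

    # 5. Payment pretext in the body text.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    for kw in PAYMENT_KEYWORDS:
        if kw in text:
            flags.append(f"payment pretext keyword: '{kw}'")
    return flags


if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS_MESSAGE), ("benign", BENIGN_MESSAGE)):
        print(label, bec_indicators(raw) or ["no red flags"])
```

None of these checks proves fraud on its own (a genuine colleague may write from a personal address while travelling), which is why the script returns the list of indicators rather than a verdict: the finance team still confirms any changed payment instruction through a known phone number, not by replying to the email.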
The scope of the attacks
The scope of the attacks is impressive. In 2018, the Federal Bureau of Investigation reported that BEC had cost businesses approximately $5.3 billion worldwide. In 2016, in the US alone, around 40,000 cases of Business Email Compromise were recorded.
Big companies around the world have been victims of this kind of scheme for a long time. Xoom Corporation, the California-based international money transfer company, suffered an attack in which $30.8 million of corporate cash was paid out to fraudsters. The company’s stock dipped by 14% and its chief financial officer resigned.
How to prevent BECs?
Ensure you and your employees know the red flags
The FBI and Interpol have published recommendations to help your company become “BEC-proof”. Read on to find out what you can do as a finance leader to make sure your company, and especially your department, is as protected as it can be.
Make sure that your team is well-informed about all of these red flags. Partner with IT to explain why it’s so important that they pay attention to them.
Remember that your employees might have a lot on their minds, which means that guidelines can sometimes be missed or forgotten. To make sure they stick in everyone’s mind, make posters highlighting the red flags and put them up around the office. The more people see them, the more likely they are to remember them.
Work with your IT team
Educating employees is fundamental, but there’s more you can do as a finance leader:
I’ve been scammed, now what?
The worst-case scenario has happened and you’ve been scammed by a Business Email Compromise attack. Breathe, don’t panic. Here are three basic steps you need to take, as recommended by Interpol, after paying money out to the attackers:
Now that you know why you should pay close attention to BECs, the most common email topics to watch out for, the scope of the attacks, and how you can protect your business, you’ll be well equipped to take action and empower your employees.