Individuals have long been a target of email scams, but in 2013 the FBI started tracking a new financial cyber threat that it called business e-mail compromise (BEC). Business e-mail compromise is a serious global threat that has cost companies well over $3 billion! That’s not chump change.
What is BEC?
BEC is also known as CEO impersonation. These hackers impersonate Chad in an attempt to trick you into giving away company information or performing tasks that would benefit the impersonators. If you fall for it, they can get inside our company and could spend weeks or months studying our company’s vendors, billing systems, and Chad’s style of e-mail communication and travel schedule. This could also happen with other company leaders. Once the time is right, they STRIKE!
The Attack
When BEC hackers attack, they most often do it when they can tell Chad is out of the office. They will send a bogus email from him to a targeted employee, most likely someone in finance or accounting, and ask for a wire transfer or some other monetary assistance. If you are their target, you won’t initially suspect anything is wrong. You’ll just think it’s Chad asking you to do something you’ve done for him in the past. You’ll likely not notice that the account numbers are slightly different, and you’ll make the transfer. Once it’s done, it’s incredibly hard to undo.
BEC hackers are legit organizations, not just some punk sitting in their parents’ basement. These organizations employ lawyers, linguists, hackers and social engineers hired with one primary focus… to trick you!
Types of Scams
Although there are many different types of scams, some of the most prevalent are:
- Spear-phishing
- Social engineering
- Identity theft
- Email spoofing
- Use of malware
Don’t Fall For It
- We have started flagging external emails (shown as [EXT!] in the email)
- Make note if the “reply” email is different from the “from” email
- Verify changes to vendor payment locations
- Confirm requests for transfer of funds
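For anyone curious how the first two checks in this list look as mail-filter logic, here is a short Python sketch, together with a check for Chad's name showing up on an outside address. It is an added example, not the actual filter behind the [EXT!] tag; the domain example.com, the warning labels and the three sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example.com"}  # assumption: placeholder for the company domain
EXEC_NAMES = {"chad"}               # leaders whose names are likely to be impersonated

def parse(header_value):
    """Return (display name, address, domain) from a From/Reply-To header, lowercased."""
    name, addr = parseaddr(header_value or "")
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[1] if "@" in addr else ""
    return name.lower(), addr, domain

def bec_warnings(raw_message):
    """List the warning labels that apply to one raw email message."""
    msg = message_from_string(raw_message)
    name, from_addr, from_dom = parse(msg["From"])
    _, reply_addr, _ = parse(msg["Reply-To"])  # header may be absent
    warnings = []
    external = from_dom not in INTERNAL_DOMAINS
    if external:
        warnings.append("external-sender")          # what the [EXT!] tag signals
    if external and any(n in name.split() for n in EXEC_NAMES):
        warnings.append("exec-name-from-external")  # "Chad" on an outside address
    if reply_addr and reply_addr != from_addr:
        warnings.append("reply-to-mismatch")        # replies go somewhere else
    return warnings

# Constructed sample messages (not real mail).
SPOOFED = ("From: Chad <chad@example.com>\n"
           "Reply-To: chad@mail-example.test\n"
           "Subject: Urgent wire transfer\n\nPlease send today.\n")
LOOKALIKE = ("From: Chad <ceo@outside.test>\n"
             "Subject: Quick favor\n\nAre you at your desk?\n")
NORMAL = ("From: Pat <pat@example.com>\n"
          "Subject: Lunch\n\nNoon?\n")

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("lookalike", LOOKALIKE), ("normal", NORMAL)):
        print(label, bec_warnings(raw))
```

Note that the spoofed sample passes the external-sender check because its "from" address is forged to look internal; only the reply-to mismatch gives it away, which is why that check is worth making by eye as well.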