Protect Your Accounts From Business Email Compromise



Business Email Compromise (BEC) is any cyberattack that involves hacking, spoofing, or impersonating a business email account. In a BEC attack, the target receives an email that is made to look authentic and appears to come from a reputable company. However, it usually includes a phishing link, a malware file, or a request for a money transfer to the attacker.

The impersonators make the email look as if it comes from a member of your trusted network: a C-suite executive, a business partner, or someone close to you. They do this to gain your trust and convince you to reveal critical business or financial information, or to process a payment request that you would never have processed otherwise.

How BEC Is Affecting Businesses

Business email compromise continues to be a significant headache, costing affected companies millions.

According to the FBI’s Internet Crime Report, more than 19,000 BEC complaints were filed in 2020, leading to a total of $1.8 billion in losses.

Similarly, Verizon’s 2021 Data Breach Investigations Report (DBIR) found that BEC is the second-most common type of social engineering attack.

Threat actors carry out BEC attacks for various reasons. The following are the most common motives:

Money: The vast majority of cyberattacks are financially motivated, according to Verizon’s 2021 Data Breach Investigations Report.

Account credentials: A link in a phishing email could lead to a fake account login page. This BEC variation is on the rise, according to the FBI.

Gift certificates: Instead of transferring money, BEC attackers can induce their target to buy gift certificates. In May 2021, the Federal Trade Commission issued a warning about this increasingly widespread sort of scam. 

How To Detect A Phishing Email

Are you sure that the email you got from UPS (or any other company) is actually from UPS? If you don’t recall placing any recent order with UPS, you should: a) check with your family, as it could have been one of them, or b) treat the email as a phishing attempt.

Situations like the one described above occur frequently, because behind these emails is a hacker trying to get hold of your personal information, bank account, or passwords to other accounts.

How do we know whether an email is legitimate? To explain, let’s analyze the following example:

Example of a phishing email.
  1. Domain: Look not only at the name of the person who sent you the email, but also at the email address itself. Hover your cursor over the ‘from’ address to see the sender’s email address. Make sure there haven’t been any changes (such as added numbers or letters). In the example above we don’t have the name of the person, but just by looking at the email domain, you can tell it’s fake.
  2. Generic: If this email really came from Best Buy, it would have included your name, because you would be an existing customer. Instead, this example lacks personalization because it is being sent in bulk to deceive as many people as possible.
  3. Requesting personal info: In most cases, an email asking you to “confirm” or submit personal information is a scam. These companies already have your information from when you signed up for their services.
  4. Misspelling: In addition to the generic salutation, grammar gaffes are usually a good clue that something is wrong. Notice the ‘17’ reference in the middle of the sentence.
  5. Urgency: Emails of this type commonly use threats to push people into responding quickly.
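
The domain, generic-greeting, personal-info, and urgency checks in the list above can also be applied automatically to incoming mail. The following Python is an added example, not part of the original article: the sample message, the TRUSTED brand-to-domain map, and the keyword patterns are constructed assumptions. The misspelling check is left out because it needs a dictionary.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not the email from the article's screenshot).
SAMPLE = """\
From: "Best Buy Rewards" <support@bestbuy-rewards17.example>
To: user@example.org
Subject: Urgent: confirm your account within 24 hours

Dear Customer,

We could not verify your account. Please confirm your password and
card number immediately or your account will be suspended.
"""

# Assumption: brand names mapped to the sending domains you trust for them.
TRUSTED = {"best buy": {"bestbuy.com"}, "ups": {"ups.com"}}

GENERIC = re.compile(r"^\s*(dear|hello|hi)\s+(customer|user|member|client|sir|madam)\b", re.I | re.M)
PERSONAL = re.compile(r"\b(confirm|verify|update|submit)\b.{0,60}"
                      r"\b(password|card number|ssn|account details|bank)\b", re.I | re.S)
URGENT = re.compile(r"\b(urgent|immediately|within \d+ hours?|suspended|final notice)\b", re.I)

def domain_mismatch(from_header):
    """True when the display name claims a known brand but the domain is not one of its own."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    for brand, domains in TRUSTED.items():
        if re.search(rf"\b{re.escape(brand)}\b", name, re.I):
            return not any(domain == d or domain.endswith("." + d) for d in domains)
    return False

def indicators(raw):
    """Return the checklist items that fire for a single-part plain-text message."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # a str for non-multipart mail
    text = f"{msg.get('Subject', '')}\n{body}"
    found = []
    if domain_mismatch(msg.get("From", "")):
        found.append("domain")
    if GENERIC.search(body):
        found.append("generic")
    if PERSONAL.search(text):
        found.append("personal_info")
    if URGENT.search(text):
        found.append("urgency")
    return found

if __name__ == "__main__":
    print(indicators(SAMPLE))
```

Keyword heuristics like these miss well-written messages, so use the result as a prompt for closer review, not as a verdict.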

How We Can Help

Business email compromise is a serious threat, and it should be addressed accordingly. You may be wondering what can be done to reduce the chances of getting impacted by a BEC attack. Getting managed network services from Wingman Solutions can be the security boost that your systems need.

Understanding ransomware attacks is another crucial aspect of safeguarding your business from cyber threats. By partnering with Wingman Solutions for managed network services in Toronto, you can further strengthen your defences against both BEC and ransomware attacks, ensuring the continued security and success of your business.

Let’s schedule a call and make sure your business is safe from BEC attempts.  
