Business email compromise scams

What are they and how can you protect yourself?

You would never think that criminals could get away with just asking for money, would you? That is, in effect, is what Business Email Compromise (BEC) scammers do. While not a new addition to the global crime scene, cybercriminals have upped their game recently. As many organisations and companies shifted to a remote or hybrid work situation due to the global pandemic, they became more vulnerable to cyber-attack

BEC all hinges on the criminal faking an email address – either one that may be mistaken as belonging to you or one of your employees; or that of a third party that your company regularly does business with.

When it comes to pretending to be you or one of your employees, a criminal can hack one of your business or employee email addresses, or ‘spoof’ it by changing one or two characters so that it still seems legitimate. Posing as senior management, the hacker can now instruct other employees to make payments or transfer funds to bogus accounts. The criminal can also send invoices and requests for payment to vendors or other contracts the victim may have, providing them with the wrong banking details.

A cybercriminal can also attack by pretending to be one of your regular payment contacts. In this scenario, the criminal may notify you of a change in banking details and request future payments to be made into this new – fraudulent – account. The South African Banking Risk Information Centre (SABRIC) says “By the time the employee realises that funds have been paid into an incorrect account, it is too late as criminals use accounts belonging to ‘money mules’, who open accounts for this purpose and then further launder the money by quickly moving it into other accounts.”

London based email security agency Mimecast canvassed 1 225 global IT decision makers in compiling their 2020 State of Email Security Report. It found that 61% of companies had suffered a ransomware attack last year, resulting in an average downtime of six working days. There was an increase of 64% in email threats as cybercriminals took advantage of the rise in digital activity with new social engineering attacks. Shockingly, 79% of organisations were hurt by their lack of cyber preparedness. You can download their full report here.

The following tips on how to protect your company and yourself from these types of criminal activities are taken from a SABRIC press release:

“Do not click on links or icons in unsolicited emails. Do not reply to these emails. Delete them immediately. Be alert to hyperlinks that contain misspellings of the actual domain name. In some cases, it could be one character. Never give anyone your confidential information, such as login usernames or passwords. Never send anyone your personal or confidential information. Personal information includes identity documents, driver’s licenses, passports, addresses and contact details. Confidential information includes usernames, password and PIN numbers.

“Ensure the domain visible in received emails is associated with the business it purports to be from. Ensure that permissions are enabled to allow your employees to view full email extensions on their computers. Do not believe the content of unsolicited emails blindly. If you are worried about what is alleged, use your own contact details to contact the sender to confirm. Don’t ignore reports from colleagues about mysterious emails coming from your accounts.

“Never list your main email address publicly anywhere online – in forums, in online advertisements, on blogs, social media or any place where it can be harvested by spammers. Use a separate email address for the internet which is not linked to your personal or business email account. Any unplanned or urgent payment instructions should be questioned. Always check with the person issuing the directive in-person or via a credible channel – preferably one where you can see them. Any requests for a change in beneficiary account details should be verified by contacting the sender using normal, legitimate historically sound contact details.”

Cybercriminals have adapted their modus operandi to take advantage of the new, online, normal. Are you protected against them?