Business email compromise (BEC) attacks, also known as email account compromise (EAC) attacks, are on the rise globally. According to the FBI, BEC is one of the most financially damaging online crimes.
However, with the proper preventative measures and best practices in place, businesses and individuals can avoid falling victim to business email compromise attacks.
Business Email Compromise
Business email compromise is a type of cyberattack in which a cybercriminal tries to get a business email user to do something they shouldn’t. What exactly does that mean? BEC attacks come in all shapes and sizes and often combine phishing techniques with malware and domain spoofing to compromise an email user.
In one common ploy, a cybercriminal impersonates a familiar business partner via email and asks for a customer’s payment to be redirected to a “new account”. If all goes as planned, the recipient of the email has the account updated so that the customer’s payment is wired to the cybercriminal instead of the appropriate company.
Best Email Security Practices
To minimize your risk of falling victim to business email compromise attacks and other phishing scams:
- Protect your email account.
Multifactor authentication (MFA) is a key safeguard that requires more than one step to verify a user’s identity.
- Don’t trust an email just because you recognize the sender’s name.
If you receive a particularly strange request, take extra steps to ensure the email account hasn’t been compromised by a cybercriminal.
- Don’t follow new instructions without verifying with a phone call.
One of those extra steps you can take to verify the validity of an email is to call the sender directly. Do not reply to the email to verify changes, make a direct call instead.
Tips to Recognize Email Scams:
- Ask yourself: “Was I expecting this email?”
- Look for slight discrepancies in the sender’s email address.
- For example, can you spot the difference between “Jane.Doe@partnerbusiness.com” and “Jane.Doe@partnerrbusiness.com”?
- Beware of pop-ups and links to login pages.
- Your email username and password are valuable to cybercriminals and can lead to other attacks. Be leery of popups or links that request a username and password or other personal details.
- Analyze the email content for abnormalities in style, language, grammar, and more.
- Be wary of urgent requests.
- Hover over links in emails to verify the URL, and don’t click suspicious links.
- Carefully review attachments for abnormalities before opening.
- For example, does the file name seems appropriate for the sender?
Learn more Security Tips here.