So what's a business email compromise anyway?
It’s very simple. Business email compromise (BEC) is an exploitative, financially damaging attack that takes advantage of how heavily we rely on email.
BECs are basically phishing attacks designed to steal money from a company.
Who needs to be concerned about business email compromise?
People who work in business-related fields, or who are connected to large and potentially vulnerable corporations or other business entities.
In particular, company employees who have email addresses on corporate email servers are the most vulnerable, but other related entities can be affected just as much, albeit indirectly.
How exactly does business email compromise happen?
Attackers and scammers can perform a variety of actions, such as spoofing internal email addresses (like an employee’s company-provided email address) and sending malicious emails from the spoofed addresses.
They can also send generic spam or phishing emails to business email addresses, in the hope of invading and infecting at least one user within the corporate email system.
How can you prevent business email compromise?
There are many precautions you can take to prevent a BEC:
- Information that you share online, such as family members, recent locations, schools, and pets, can be used against you. When you share information openly, scammers can use it to create less detectable emails that can really fool you.
- Checking the elements of an email, like the subject, address, and content, can reveal if it is a scam. In the content, a sign of a scam is that the email presses you to act quickly or to update/verify account information.
- Enable two-factor authentication on important accounts.
- Never download attachments from a random email.
- Make sure payments are verified by confirming with the person, either in person or on the phone.
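
The email-element check from the list above can also be automated for triage. The following Python example is an addition to this page, not part of the original article: it flags a display name that imitates an internal address, a reply-to domain that differs from the sender, and pressure wording. The internal domain `example.com`, the phrase list, and the sample message are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"  # assumption: the company's own mail domain
# Constructed phrase list for the "act quickly / verify your account" cue.
PRESSURE = re.compile(
    r"\b(urgent|immediately|right away|(verify|update) your account)\b", re.I)

# Constructed sample: internal-looking display name, external sender and reply-to.
SAMPLE = """\
From: "ceo@example.com" <ceo@example-payments.test>
Reply-To: accounts@other-mail.test
To: finance@example.com
Subject: Urgent wire transfer

Please pay the attached invoice immediately and verify your account details.
"""

def domain(addr):
    """Lower-cased domain part of an address ('' if there is none)."""
    return addr.rpartition("@")[2].lower()

def bec_indicators(raw):
    """Return the reasons a message deserves verification by phone or in person."""
    msg = message_from_string(raw)
    name, sender = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    body = "" if msg.is_multipart() else msg.get_payload()
    found = []
    # The name shown to the reader looks internal, the real sender is not.
    if INTERNAL_DOMAIN in name.lower() and domain(sender) != INTERNAL_DOMAIN:
        found.append("display name shows an internal address, sender is external")
    # A reply would silently go somewhere other than the visible sender.
    if reply_to and domain(reply_to) != domain(sender):
        found.append("replies go to a different domain than the sender")
    # Subject or body presses for speed or for account verification.
    if PRESSURE.search(f"{msg.get('Subject', '')}\n{body}"):
        found.append("pressure or account-verification wording")
    return found

if __name__ == "__main__":
    for reason in bec_indicators(SAMPLE):
        print("-", reason)
```

A message that raises none of these flags is not proven safe; payment requests still need the phone or in-person confirmation listed above.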
Phishing simulations are programs or exercises in which companies test the vulnerability of their own email networks by simulating phishing techniques (sending spear phishing or scam emails) to see which employees are vulnerable to an attack.
Phishing simulations show employees what common phishing tactics look like and teach them how to deal with situations involving common attacks, lowering the chance that a business’s email system becomes compromised in the future.