Since 2003, the FBI has tracked more than $740 million lost to business email compromise (BEC) fraud in the United States. Who’s the main target? None other than the C-Suite. Led by organized online criminal groups, BEC is one of the fastest-growing types of financial fraud.
Company executives are more easily compromised than you may think. Not only does the C-Suite have more access than anyone to valuable information about employees, partners and customers, its members are also easy to find because they’re often the face, or faces, of an organization. Last year, the FBI’s Internet Crime Complaint Center (IC3) issued a warning to businesses about BEC attacks, and the issue has only escalated since.
Business email compromise and related cyber crimes are hard to identify if you’re unfamiliar with the warning signs.
Fortunately, there are five important steps you can take to decrease your organization’s chances of becoming a BEC scam victim:
- Identify if Your Organization is High-Risk
- According to the IC3, “The Business Email Compromise (BEC) is a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments.” If your company does not work with foreign suppliers and/or does not perform many wire transfers, you may be at lower risk of fraud, but you are not completely in the clear. As long as you do any business online, whether it’s through email, your website, or any other means of communication, you may be compromised.
- Educate Yourself and Your Employees
- Any employee with access to a company email address is at risk of putting your organization in danger of BEC attacks. However, those employees who are considered executive level or higher, and those who assist high-level employees, are the most vulnerable. It’s important to educate yourself and all your employees on what a BEC attack may look like and what they should do if they think they have been scammed. Personal identity monitoring can significantly reduce the chances of a BEC attack escalating out of control.
- Use Social Media Wisely
- One of the most common ways that hackers find information about the C-Suite of an organization is through their social media accounts. LinkedIn, Facebook, Twitter and other common social networks can provide all the information a hacker needs in order to identify when and whom to target. Exercise caution when disclosing potentially telling information, such as when a financial advisor will be out of town or tips on who an organization’s main suppliers are.
- Be Wary of Suspicious Action
- Being cautious is one of the simplest ways to stay ahead of a BEC attack. Beware of unusual customer activity. You should know the habits of the organizations you work with most, such as invoice amounts and reasons for business. Change your passwords regularly so that hackers have a harder time accessing your information. If something seems off, double check with your team to ensure that all is as it should be. Beware of messages sent from personal email accounts, a sense of immediacy in an email, with language such as “urgent wire transfer,” and IP addresses that trace back to someone who registered for a free domain.
- Establish Protocol for Suspicious Activity
- Now that you and your employees are aware of the things they should be looking out for, it’s important that they know what to do if they are rightfully suspicious of a compromise or your organization is attacked. The best way to detect if your organization has been breached is by employing actionable threat monitoring services. A comprehensive solution including Dark Web ID monitoring services can send threat alerts in real time so immediate action can be taken if email addresses and passwords are compromised. Preparation can lead to millions of dollars in savings!
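
The warning signs listed under "Be Wary of Suspicious Action" (personal email accounts and urgent payment language) can be checked automatically before a message reaches the finance team. The following is an added example, not part of the original article: the free-mail list, the phrase patterns and the sample messages are assumptions, and the Reply-To check goes slightly beyond the signs the article names.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumed lists for illustration; tune them to your own mail flow.
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
URGENCY = re.compile(r"\b(urgent|immediately|asap|right away|today)\b", re.I)
PAYMENT = re.compile(r"\b(wire|payment|invoice|bank details)\b", re.I)

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def bec_warning_signs(raw_message):
    """Return the warning signs found in one RFC 5322 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    text = f"{msg['Subject'] or ''}\n{part.get_content() if part else ''}"
    from_dom, reply_dom = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    signs = []
    if from_dom in FREE_MAIL:                       # personal email account
        signs.append("personal-account-sender")
    if reply_dom and reply_dom != from_dom and reply_dom in FREE_MAIL:
        signs.append("reply-to-personal-account")   # replies leave the company
    if URGENCY.search(text) and PAYMENT.search(text):
        signs.append("urgent-payment-language")     # e.g. "urgent wire transfer"
    return signs

# Constructed sample messages (not real mail).
SUSPICIOUS = ('From: "Pat Example (CEO)" <pat.example@gmail.com>\n'
              "Subject: Urgent wire transfer\n\n"
              "I need this payment sent today.\n")
REPLY_TO = ('From: "Pat Example" <pat@corp.example>\n'
            "Reply-To: pat.private@yahoo.com\n"
            "Subject: Invoice question\n\n"
            "Can you confirm the invoice amount when you get a chance?\n")
ROUTINE = ("From: billing@vendor.example\n"
           "Subject: Monthly invoice\n\n"
           "Attached is the invoice for March.\n")

if __name__ == "__main__":
    for name, raw in [("suspicious", SUSPICIOUS), ("reply-to", REPLY_TO),
                      ("routine", ROUTINE)]:
        print(name, bec_warning_signs(raw))
```

A hit is a reason to verify the request with the sender over a known phone number, not proof of fraud.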