What is Business Email Compromise (BEC)?

Business email compromise (BEC) is a form of phishing that occurs when a cybercriminal impersonates a legitimate source to trick employees into wiring money, sharing sensitive information or engaging in other compromising activities.

Unlike more traditional phishing attacks that target a large group on individuals, BEC attacks are crafted to appeal to specific individuals – making them harder to detect and potentially more damaging. BEC is a threat that ALL businesses, regardless of size or industry, should take seriously.

Common BEC Attacks:

• False invoice schemes – requesting fund transfers to complete an invoice
• CEO fraud – posing as a high-level executive to request wire transfers
• Account compromise – hacking into employee accounts to request invoice payments directly from vendors
• Attorney impersonation – impersonating a corporate law firm to request immediate transfer of funds
• Data theft – posing as HR professionals to obtain personally identifiable information from employees

What are some signs of a BEC attack?

• Generic terms / no personalization
• Variations to email addresses or company websites
• Unfamiliar names or images
• A sense of urgency or a threat
• Asking for personal or financial information

How to protect your company and your employees:

• Educate employees
• Implement effective payment protocols
• Restrict access to sensitive data
• Use all security features offered
• Have a plan in case there is a BEC attack
• Purchase adequate Cyber Liability Insurance coverage

For more cybersecurity and insurance guidance, contact Consolidated Insurance + Risk Management today!