What is Business Email Compromise (BEC)?
Business email compromise (BEC) is a form of phishing that occurs when a cybercriminal impersonates a legitimate source to trick employees into wiring money, sharing sensitive information or engaging in other compromising activities.
Unlike more traditional phishing attacks that target a large group of individuals, BEC attacks are crafted to appeal to specific individuals – making them harder to detect and potentially more damaging. BEC is a threat that ALL businesses, regardless of size or industry, should take seriously.
Common BEC Attacks:
- False invoice schemes – requesting fund transfers to complete an invoice
- CEO fraud – posing as a high-level executive to request wire transfers
- Account compromise – hacking into employee accounts to request invoice payments directly from vendors
- Attorney impersonation – impersonating a corporate law firm to request immediate transfer of funds
- Data theft – posing as HR professionals to obtain personally identifiable information from employees
What are some signs of a BEC attack?
- Generic terms / no personalization
- Variations to email addresses or company websites
- Unfamiliar names or images
- A sense of urgency or a threat
- Asking for personal or financial information
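Several of these signs can be checked automatically before a message reaches an employee. The following is an added example, not part of the original article: it flags a sender domain that is a near-variation of a trusted one, urgent language, and requests for financial information. The trusted domains, phrase lists and sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration: replace with your own domains and phrases.
TRUSTED_DOMAINS = {"example-corp.com", "example-vendor.com"}
URGENCY = re.compile(r"\b(urgent|immediately|right away|overdue|final notice)\b", re.I)
FINANCIAL = re.compile(r"\b(wire transfer|bank details|account number|routing number|invoice)\b", re.I)
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def fold(domain):
    return domain.lower().translate(HOMOGLYPHS).replace("rn", "m")  # undo common swaps

def edit_distance(a, b):
    """Levenshtein distance using a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain, trusted=TRUSTED_DOMAINS):
    """Return the trusted domain this one imitates, or None if exact or unrelated."""
    domain = domain.lower()
    if domain in trusted:
        return None
    for good in trusted:
        if fold(domain) == fold(good) or edit_distance(domain, good) <= 2:
            return good
    return None

def bec_signs(raw_email):
    msg = message_from_string(raw_email)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    signs = []
    target = lookalike_of(domain)
    if target:
        signs.append(f"sender domain {domain} resembles {target}")
    if URGENCY.search(text):
        signs.append("urgent or threatening language")
    if FINANCIAL.search(text):
        signs.append("request for financial or personal information")
    return signs

# Constructed sample message (not a real email).
SAMPLE = 'From: "Pat CEO" <pat@examp1e-corp.com>\nSubject: Urgent invoice\n\nSend the wire transfer immediately.'
print(bec_signs(SAMPLE))
```

A message that trips these checks still needs human verification through a known phone number or contact, since a compromised legitimate account will pass the domain check.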
How to protect your company and your employees:
- Educate employees
- Implement effective payment protocols
- Restrict access to sensitive data
- Use all security features offered
- Have a plan in case there is a BEC attack
- Purchase adequate Cyber Liability Insurance coverage
For more cybersecurity and insurance guidance, contact Consolidated Insurance + Risk Management today!