What is Business Email Compromise (BEC)?

Business email compromise (BEC) is a form of phishing that occurs when a cybercriminal impersonates a legitimate source to trick employees into wiring money, sharing sensitive information or engaging in other compromising activities.

Unlike more traditional phishing attacks that target a large group of individuals, BEC attacks are crafted to appeal to specific individuals – making them harder to detect and potentially more damaging. BEC is a threat that ALL businesses, regardless of size or industry, should take seriously.

Common BEC Attacks:

  • False invoice schemes – requesting fund transfers to complete an invoice
  • CEO fraud – posing as a high-level executive to request wire transfers
  • Account compromise – hacking into employee accounts to request invoice payments directly from vendors
  • Attorney impersonation – impersonating a corporate law firm to request immediate transfer of funds
  • Data theft – posing as HR professionals to obtain personally identifiable information from employees

What are some signs of a BEC attack?

  • Generic terms / no personalization
  • Variations in email addresses or company websites
  • Unfamiliar names or images
  • A sense of urgency or a threat
  • Asking for personal or financial information

How to protect your company and your employees:

  • Educate employees
  • Implement effective payment protocols
  • Restrict access to sensitive data
  • Use all security features offered
  • Have a plan in case there is a BEC attack
  • Purchase adequate Cyber Liability Insurance coverage

For more cybersecurity and insurance guidance, contact Consolidated Insurance + Risk Management today!