Topic: Business email compromises have risen by 100% – here’s how to protect your business
According to the Federal Bureau of Investigation, business email compromises, or BECs, have cost companies more than $26 billion from 2016 through 2019 alone. Additionally, over the past few years, the number of reported business email attacks has skyrocketed, totaling more than 160,000 — excluding many attacks that still go unreported.
While anyone can be a target of a BEC attack, some industries are more vulnerable than others.
“Any business that’s moving funds around, regularly transferring money or conducting financial transactions online, those are the biggest targets,” said Eric Hobbs, CEO of Technology Associates, a full-service technology consulting firm based in Cary. “You’ll also see broader-based firms experience something like a CEO impersonation, where they email the office administration asking for something like gift cards to be sent to a certain address.”
While many businesses are getting smarter about business email compromises, the scam continues to grow. From 2018 through 2019, the FBI found there was a 100 percent increase in identified global exposed losses. Part of that increase stems from greater awareness around the issue, which tends to cause more reporting, but that number still doesn’t represent the full scope of BECs.
For those on the lookout for potential attacks, there are five types of email compromise attempts to be aware of:
False invoices, which request wire funds to incorrect accounts
CEO fraud, which happens when credentials are stolen then used to request money or items
Account compromise, which is similar to CEO fraud but on an employee level
Attorney impersonation, in which hackers pretend to represent legal counsel and request wire transfers
Data theft, when fraudulent emails request sensitive documents like W-2s or personally identifiable information
Hackers use a variety of techniques to target victims, whether it be spoofing by using an email address that looks legitimate or similar to the victim’s, secretly installing malware, or using psychological manipulation to convince victims to share sensitive information. Additionally, if individuals use the same password for multiple platforms, it opens up the possibility for multiple breaches.
“Say I register my LinkedIn account using my work email and password. LinkedIn gets hacked, and now the hackers have my login information,” Hobbs said. “Now, it’s easy for them to backtrack and see what email system I’m using to log into my email and formulate an attack plan.”
“I had an acquaintance of mine in real estate who was a victim of such an attack. Within a two-week period of time, they had two customers tricked into diverting funds for a real estate transaction into a hacker’s bank account,” Hobbs continued. “The hackers were sitting there watching, waiting for an email requesting the transfer, then right at the last minute, they’d send an email back to the purchaser and say, ‘Oh by the way, we’ve got new bank account routing information. Here it is.’”