What is Business Email Compromise (BEC) and tips that will help you prevent email attacks
By Luz Padron
Published on May 19, 2020
“It is reported that business email compromise scams have cost businesses more than $26 billion since mid-2016” The Entrepreneur.
Business Email Compromise (BEC) is a type of scam in which an attacker obtains access to a business email account and imitates the owner’s identity, in order to defraud the company and its employees, customers or partners. Often, corporate email accounts of executives or high-level employees related to finance or involved with wire transfer payments are either spoofed or compromised through keyloggers or phishing attacks to do fraudulent transfers.
What to do when your business email gets hacked:
- Check and Lock Down Your Accounts. Start by notifying banks and other financial institutions. Review all your bank accounts and information linked with the email address hacked and cut off access via that email address. After checking all your accounts and taking immediate measures, make sure that you are using the best verification measures that you can to secure your accounts. Use strong security questions, two-step verification, etc.
- Notify Necessary Parties. If your email address gets hacked, one of your first responsibilities is to contact everyone that your email account could send an email to.
- Clean Up Your System and Email Account. Make sure that you are using proper online security tools to keep your computer clear of malware and other online dangers. Start a schedule of updating all your programs and systems as soon as possible, as security patches are vital to the safety of any computer or email account.
How to prevent business email compromise attacks:
- Use a Virtual Private Network (VPN) if you ever check your email when you travel or are outside of the workplace.
- Training; a company’s employees are the first and most important line of defense against BEC attacks. Training staff to recognize the signs of a scam can go a long way toward reducing the risk of compromise and preventing fraud.
- Company policy & process; staff across every level of an organization (particularly executives, HR and those in the finance department) should know and adhere to clearly defined processes for handling financial transactions and important email requests. Additional verification procedures should be established to confirm wire transfers requested by third parties via emails. A verbal confirmation through a phone call should replace an email confirmation.
- Email authentication technology; there are several authentication mechanisms that can be used to verify the authenticity of an email. Using a combination of these mechanisms offers the best protection against BEC scams.
Remember to always contact us to report any suspicious account activity or information security-related events.
To contact a Banesco USA Client Care Specialist call toll-free from:
Monday to Friday from 8:30 AM – 5:00 PM