What are Business Email Compromise (BEC) attacks?

Here at Creative Network Solutions, we are Preston’s leading IT support and network services experts. From secure remote access services to business VoIP, we are the team you can count on. And this is our guide to everything you should know about BEC attacks.

So, what are Business Email Compromise (BEC) attacks?

BEC attacks are one of the fast-growing cybersecurity threats that all businesses, especially small and medium-sized ones, are currently facing. While they are primarily carried out through email, SMS messages, voicemail messages, and even phone calls can all be used as part of this type of attack. BEC attacks rely on social engineering to succeed, and this places them in an entirely different category from malware.

How do BEC attacks work?

BEC attacks generally work in a similar way: the scammer poses as someone the target trusts and tries to get the target to send them money. We often see this used against individuals outside of a commercial setting, such as a scammer posing as someone's relative to ask for money. But in the business sense, scammers usually pose as the CEO or boss of the person they are asking for money from. Some scenarios that have been used against businesses include:

  • Posing as the CEO and sending a message to an employee demanding immediate payment of an overdue invoice. The lateness of the invoice and the command from an authoritative figure create a sense of panic and prompt the employee to act immediately.
  • Using fake or compromised email accounts to convince an employee that they’re dealing with a legitimate vendor, and then sending an invoice to be paid.
  • Targeting company payroll accounts by impersonating employees and trying to get the payroll staff to change the employee’s direct deposit information to the scammer’s own bank account.

How can companies protect against BEC attacks?

BEC attacks rely on human error and judgement, so they cannot really be prevented with software or anti-malware packages. However, they can mostly be prevented by training and educating staff.

  • Training staff: educating your employees about these types of attacks can go a long way towards preventing them. Social engineering is often difficult to spot as it happens, but ensuring that employees follow all policies and procedures correctly, and training them to spot anything that might appear suspicious with regard to sending money, can help to halt any BEC attack immediately.
  • Money and payment policies and procedures: verifying payment requests and following the established rules for paying bills, changing direct deposit information, and buying and sending gift cards can be a good way to prevent BEC attacks from succeeding and causing damage. With verification policies in place, employees know that they need to call the vendor or colleague before authorising or requesting payment. This checks that the claim is legitimate before any further action is taken.

For more information or advice about your network security, systems, or cloud solutions, why not ask the experts today, here at Creative Network Solutions.