No, This Email is Not from your CEO. It's a BEC Scam
Over the course of the past few years, we have seen a surge in ransomware attacks and data breaches in large corporations in the news, and have received the occasional phishing email. As the public becomes more aware of how to stop cyber-crime, cyber criminals need to adjust their tactics into tricking their victims.
Business Email Compromise better known as BEC was a lesser known scam when it came about in 2013. However as reported by the FBI, BEC scams have accounted for a global loss of $12 billion to companies as of 2018
What is Business Email Compromise?
BEC is a fraud scam that targets both small and large businesses who conduct a lot of online transactions, wire transfers, and have vendors and suppliers overseas. Cyber criminals can access publicly email addresses of executives and employees involved in financial transactions and spoof their email account to instruct another member of the company to initiate a large transfer of funds, via wire, fraudulently to an overseas location resulting in the loss of hundreds of thousands of dollars.
According to the FBI there are 5 types of BEC scams which you can learn more about here.
How to detect a BEC Email
While it might be difficult to spot a BEC email, we can offer you some indicators for spotting a fraudulent email include:
- An email with a tone of urgency to submit a payment.
- Most scammers use a common subject. You can copy and paste the email subject into Google, if it is part of a known scam, it will appear in the results
- Check the email address. At a quick glance it might seem legitimate, upon further inspection 1 or 2 letters could be swapped.
- Confirm with the sender. Send them a follow up email or a phone call to ensure a payment needs to be sent at their request.
- What time of day or year is the payment being requested? Most finance departments ensure payments are not send during times where there will be no interruption such as a holiday or end of business day.
- Ensure the payment is going to a vendor, supplier, person, or business your company regularly sends payments to. If you are unfamiliar with the recipient of the payment, it could be fraud.
How Can you Prevent your company and Employees from Falling Victim to a BEC Scam?
- Educate your staff on the above criteria for spotting a BEC Scam as well as other internet scams. Developing good cyber security habits is essential to limiting cyber-crime.
- Keep track of any changes that may affect outgoing payments, such as personal and new employee changes, address changes, company name changes, etc. Keeping any employee who deals with finances and payments within your organization well informed of any changes internal and external will eliminate mistakes.
- Use two-factor authentication when transferring any funds.
- Use a product, such as Xeams to monitor incoming emails and will detect spam and junk messages sent to all employee email accounts within your organization.
Xeams allows you set rules to incoming mail such as custom filters, SPF and
DKIM checks which are used to detect forged emails, and DMARC to authenticate IP addresses, to name a few.
If you are using Xeams, ensure you are using the most up to date version. You can view the full version history here
. If you are not using Xeams and are worried your business or employees are susceptible to spoofed emails, BEC scams or any harmful spam emails licenses for Xeams start at just $20 per year. You can start a 30-day free trial here
If you suspect that you have been targeted by a BEC email, report the incident immediately to law enforcement or file a complaint with the IC3
For more information about Xeams and keeping suspicious emails out of your inbox, contact our support team today via:
||Jan 4, 2019
|Last updated on:
||Apr 11, 2021
LEAVE A COMMENT
Your email address will not be published.