Business Email Compromise (BEC) is not new; however, fraudsters have changed their tactics in recent years. Rather than targeting the C-suite and executives, they now cast their nets across the broader business ecosystem, and the rise of home working has made their work easier.
What’s the cost of BEC?
BEC can have a massive financial impact on businesses. In 2020 alone, the FBI estimated that BEC attacks caused $1.8bn in losses, and BEC crime increased by a third during the first 100 days of the pandemic, according to a Mimecast report. This coincided with the sudden increase in people working from home.
Email becomes more essential when people aren’t working in the same physical location. With fewer in-person checks available when suspicious emails come through, fraudsters are able to capitalize on the mistakes that are made.
What should businesses do to protect against BEC?
While many employees have now returned to the office, companies are allowing their staff more flexibility.
So how can businesses protect themselves against the increased threat of BEC whilst staff work remotely?
- Have policies in place for remote working, and dedicated IT contacts to help with technical questions. It’s not unusual for fraudsters to pose as IT departments in emails.
- Closely scrutinize the details of emails requesting money. For example, check that the sender’s email address is correct, and contact the requestor through another medium, such as a phone call or instant message, to verify the transfer.
- Don’t rely on email verification alone, and don’t assume other information in the email (e.g., phone number) is correct. Multifactor identification in this situation can help.
- Ensure your employees are trained on cybersecurity awareness and what they should do if they believe they’ve been sent a suspicious email.