Sophisticated email scams designed to con companies out of money and sensitive data are on the rise. Learn how to avoid falling victim to these scams.
Business Email Compromise (BEC) attacks — sophisticated email scams designed to con companies out of money and sensitive data — are on the rise. Researchers at both Agari and IBM have seen notable increases in the number of BEC attacks. This is not too surprising: cybercriminals favor this type of attack because it is very effective and requires minimal technical knowledge. They have used BEC scams to steal more than $5 billion (USD) from businesses worldwide, according to the US Federal Bureau of Investigation (FBI).
Although carrying out a BEC attack does not require much technical know-how, it does require a lot of time and research. Digital con artists use phishing emails, social engineering techniques (e.g., scouring social media websites), and other tools to get the detailed information they need to scam a targeted business. Once they have it, they create the BEC email. The cybercriminals strive to get both the wording and graphical elements to look like a legitimate email from that business (or from an organization it does business with, such as a supplier). They spend a good deal of time creating the BEC email in the hope that its legitimacy will not be questioned.
Each BEC scam is specific to the business being attacked. However, when the FBI analyzed complaints from companies that reported falling victim to BEC attacks, it found several common variations of the scam. The digital con artists often:
Similarly, when the IBM researchers analyzed real-life BEC scams, they found several common tactics being used. They discovered that cybercriminals often:
How to Avoid Becoming the Next Victim
Law enforcement has been cracking down on BEC scams. For example, two cybercriminals involved in more than 20 cases of BEC fraud were arrested in February 2018. However, many more digital con artists are out there. Thus, you should be proactive and take steps to avoid becoming a BEC victim: