Mimecast: There is nothing worse than feeling like you've been scammed, but having your company scammed hits especially hard. Business email compromise is a phishing attack that targets businesses to steal money, sensitive information, or other personal account information. These attacks can be challenging to prevent as criminals may use social data gathering techniques, such as impersonation and intimidation, to extort users.
Bad actors will often prepare for business email compromise attacks by identifying their targets through basic online research, obtaining employee contact information, and building a profile on the organization.
What Does a Business Email Compromise Scam Look Like?
In a business email compromise scam, criminals send an email that looks like it came from a known source making a legitimate request. They can present themselves in several ways:
- They spoof an email address so that it looks like one you recognize. For example, if the victim's e-mail address is name@organization.com, a scammer may use a variation such as name@orgnztion.com. Take note of how the cyberattacker's domain name is misspelled.
- You receive an email from your boss or another company executive requesting that you quickly process an invoice or suddenly change vital payment information.
- The message is brief, very urgent, and pushes for you to bypass standard company procedures.
- The sender says that they are traveling and unable to communicate directly, with a signature that indicates the email came from a smartphone.
- The email comes from a personal email account rather than an official company account.
According to the Cisco Talos Intelligence Group, the pandemic provided ample opportunity for bad actors to commit business email compromise attacks. In one nasty example, an attacker pretended to be the CEO of a company telling an employee that the company was looking to donate gift cards to a local hospice care group. However, once the gift cards were acquired, they would be sent directly to the criminals and not the care group.
Gift cards are a popular form of currency for cyberattackers because they are a fast and easy way to launder money by selling the cards. Plus, they are difficult to trace.
How to Avoid Business Email Compromise Scams
The easiest way to ensure that you don't become a victim of business email compromise is to create a strong password that is unique and is not used on multiple accounts. If you want extra protection, you can opt to use a password manager and generator.
Make sure that you are updating your applications, operating systems, any software, and browsers so that you are always running the latest versions. Updates often contain fixes for security flaws that cyberattackers could otherwise exploit.
If your company isn't already using security software, consider using one from a reputable company and install it on all devices for optimal protection.
Remember, your email address is linked to a lot of crucial personal information. So, implementing extra security measures like two-factor authentication (2FA) makes it harder for cyber-criminals to breach accounts.
Train Your Employees to Identify Business Email Compromise Scams
Educating your employees and ensuring that they know what a business email compromise scam looks like is just as important as trying to avoid them altogether. Your team should also be knowledgeable about the next steps.
By understanding how these attacks work and taking the necessary steps to protect your company against them, you can help reduce risk.
Press Release Service by Newswire.com
Original Source: Your CEO Doesn't Want Gift Cards: Signs You're Being Scammed