October is Cybersecurity Awareness Month. Cyber scams are nothing new – they’ve been around since the invention of the internet. However, online scams are more prevalent than ever.
To understand how much of a problem this has become, consider that it took almost seven years for the FBI’s Internet Crime Complaint Center (IC3) to log its first million complaints, compared to only 14 months to add the most recent million. In fact, on May 15, 2021, the IC3 received its six millionth complaint.
As a business owner, it’s crucial that you are familiar with the latest cyber scams and keep learning how to protect your business against them. Business email compromise scams, also known as BEC, are especially deceptive and costly. Here’s what you need to know about the five most prevalent Business Email Compromise scams.
Top 5 cyber scams businesses need to know about
The most common type of B2B fraud is business email compromise (BEC), also known as email account compromise (EAC). This is a sophisticated scam where cybercriminals disguise themselves as trusted entities to trick a business or one of its employees into transferring funds.
This scam can result in significant losses, depending on how much money is wired to the fraudster. Scammers use five main methods to receive money fraudulently. Here’s what you need to know about each of them.
- Bogus invoice scheme – This scam involves the use of fraudulent invoices that closely mimic existing invoice payment requests. Criminals pretend to be a supplier requesting funds from your business.
- CEO fraud – Scammers pose as the company CEO to contact the finance department. The scammer will ask the department to transfer or wire money to a fraudulent account.
- Account compromise – Cybercriminals hack employee email accounts and use them to request invoice payments from suppliers. Funds are then transferred to a fraudulent account.
- Attorney impersonation – Scammers pretend to be an attorney or some other legal figure to gain access to sensitive information. Cybercriminals may also request funds.
- Data theft – This scam often targets HR or company accountants to obtain sensitive information. This data is then used to plan future attacks.
Business Email Compromise by the numbers
BEC has become increasingly popular, especially over the last few years, which has caused a dramatic rise in reports and losses. According to the IC3's 2020 report:
- 63,517 BEC complaints were received between 2018 and 2020
- 19,360 BEC complaints were received in 2020
- $1.8 billion was lost due to BEC scams in 2020
As BEC scams become more popular, they become more expensive as well. In 2015, BEC losses amounted to $263 million. Last year, losses were up to $1.8 billion, with numbers expected to increase in 2021.
How to protect your business against Business Email Compromise
There’s no guarantee that your business won’t be targeted by a BEC scam. Because every business is a potential victim, one of the best things you can do is educate yourself and your employees. Make sure that everyone is aware of BEC scams so that they can be detected and avoided.
Now is an excellent time to harden your payment processes. Implement a dual approval requirement to ensure that each invoice is seen by two sets of eyes. It’s also wise to limit the number of people who have the authority to transfer funds.
Other ways to protect your business and its assets include:
- Working with vendors who only use secure invoicing processes
- Setting up intrusion detection rules that flag emails from potentially false addresses
- Using callback thresholds for monetary transactions
- Not sharing confidential information before confirming the recipient is a trusted source
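A rule that flags emails from potentially false addresses can be as simple as a few header checks. The sketch below is an added example, not code from this article or any vendor; the trusted domains, executive name, similarity threshold and sample messages are assumptions made for illustration, and the Reply-To check goes slightly beyond the sender-address check listed above.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumed values for this example: your own domain, a known supplier, executive names.
TRUSTED_DOMAINS = {"example.com", "acme-supplies.example"}
EXECUTIVE_NAMES = {"jane doe"}
LOOKALIKE_RATIO = 0.85  # similarity at or above this, without an exact match, is suspicious


def domain_of(address):
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    if not domain or domain in TRUSTED_DOMAINS:
        return None
    for trusted in sorted(TRUSTED_DOMAINS):
        if SequenceMatcher(None, domain, trusted).ratio() >= LOOKALIKE_RATIO:
            return trusted
    return None


def flag_message(raw):
    """Return a list of BEC indicators found in the headers of one raw message."""
    msg = message_from_string(raw)
    name, sender = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    sender_domain = domain_of(sender)
    flags = []
    imitated = lookalike_of(sender_domain)
    if imitated:
        flags.append(f"lookalike-domain:{imitated}")
    if name.strip().lower() in EXECUTIVE_NAMES and sender_domain not in TRUSTED_DOMAINS:
        flags.append("executive-name-external-sender")
    if reply_to and domain_of(reply_to) != sender_domain:
        flags.append("reply-to-domain-mismatch")
    return flags


# Constructed sample messages (not real traffic).
BOGUS_INVOICE = "From: Accounts <billing@acme-suppiies.example>\nSubject: Updated bank details\n\nPlease pay invoice 1042."
CEO_FRAUD = 'From: "Jane Doe" <jane.doe@freemail.example>\nReply-To: jd@mailbox.example\nSubject: Urgent wire\n\nNeed this today.'
LEGITIMATE = "From: Jane Doe <jane.doe@example.com>\nSubject: Lunch\n\nNoon?"

if __name__ == "__main__":
    for sample in (BOGUS_INVOICE, CEO_FRAUD, LEGITIMATE):
        print(flag_message(sample))
```

Header checks like these do not catch the account compromise scenario, where the message really does come from a legitimate mailbox; that is where dual approval and callback verification apply.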
It’s also important to avoid opening suspicious links or emails. Taking a cautious approach is one of the best ways to protect your livelihood. If your business sends sensitive information through email, you should consider implementing secure email at your organization. Blueteam Secure Email is super easy to implement.
BEC scams are expected to last well into the future, with fraudsters taking new and more complex approaches. Business owners and employees need to become familiar with BEC and other common scams. We highly recommend that ALL businesses, no matter their size, implement Cybersecurity Awareness Training. It's an easy and inexpensive way to reduce the risk of cyber scams.
Knowledge is power! Increased awareness is critical to prevent the loss of funds and/or sensitive information. Get in touch today to get more information on how you can protect your business from cyber scams! We're here to help!