The Ultimate Guide Against BEC Attacks

BEC, or Business Email Compromise, affects companies of all sizes. After gaining access to, or knowledge of, a trusted colleague's or business partner's personal information, hackers pose as that person and trick the targeted organization into sending data, banking details or other sensitive information.

While this may seem like just another run-of-the-mill “another day, another attack” scenario, a 1,760% increase in attacks this year means it’s time to rank BEC among the common cyber attacks. By breaking down the common BEC threats and knowing when you’re in the midst of an attack, you and your team will be the masters of BEC prevention and will be able to catch the scam seconds before anyone can say, “we’ve been compromised!”


Types of BEC Attacks

  1. CEO Fraud
  • How it works: Attackers pose as the CEO or another senior employee and request urgent wire transfers or sensitive data. Seeing who the request appears to come from, the recipient often complies without really looking into the message.
  2. Account Compromise
  • How it works: To obtain financial information, hackers pose as vendors or team members who have access to company funds.
  3. False Invoice Scheme
  • How it works: Attackers impersonate suppliers and send fake invoices to companies, requesting payment to fraudulent accounts. This type of attack often targets businesses with established supplier relationships.
  4. Attorney Impersonation
  • How it works: Attackers pose as legal representatives or lawyers and pressure employees into transferring funds or providing sensitive information under the guise of legal urgency.

Recognizing BEC Attacks

BEC attacks may be hard to recognize at first, but looking for these common signs can give you a leg up.


  1. Unusual Requests
  • Out-of-the-Ordinary: Be wary of unexpected requests for payments, especially those with a sense of urgency or secrecy. Also, ask yourself the question, “Why are they emailing me now?”
  • Communication Channels: If an executive typically uses one communication channel, such as Slack, Teams or another messaging platform, but suddenly switches to email for sensitive matters, be cautious.
  2. Email Slip-Ups
  • Spelling and Grammar Errors: Professional emails from executives or partners typically do not contain spelling and grammar mistakes, but BEC emails may be littered with errors.
  • Email Address: Check the sender’s email address closely. Look for subtle differences that might indicate a spoofed address.
  3. Urgent and Confidential Language
  • High Pressure: You may see words like “URGENT” or capital letters within the email header. BEC emails often stress urgency and confidentiality to rush the recipient into making quick decisions.
  • Authority: These emails might name-drop senior executives to gain a faster response.
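
The warning signs listed above, expressed as simple checks over raw email messages. This is an added example, not part of the original article; the trusted domain, executive name, keyword list and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this sketch (all values constructed): the organisation's
# real domain, a short executive list and a pressure-keyword list.
TRUSTED_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}
PRESSURE = re.compile(r"\b(urgent|immediately|confidential|wire transfer|today)\b", re.I)
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def edit_distance(a, b):
    """Levenshtein distance, single-row dynamic programming."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def lookalike(domain):
    """True if domain is not the trusted one but is visually close to it."""
    if domain == TRUSTED_DOMAIN:
        return False
    normalised = domain.translate(HOMOGLYPHS).replace("rn", "m")
    return normalised == TRUSTED_DOMAIN or edit_distance(domain, TRUSTED_DOMAIN) <= 2

def bec_flags(raw):
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    subject = msg.get("Subject", "")
    flags = []
    if lookalike(domain):                      # "subtle differences" in the address
        flags.append("lookalike-domain")
    if name.lower() in EXECUTIVES and domain != TRUSTED_DOMAIN:
        flags.append("executive-name-external-address")
    # Pressure keywords anywhere, or an all-caps word in the subject line
    if PRESSURE.search(f"{subject}\n{msg.get_payload()}") or re.search(r"\b[A-Z]{5,}\b", subject):
        flags.append("pressure-language")
    return flags

# Constructed sample messages
SUSPICIOUS = ("From: Jane Doe <jane.doe@examp1e.com>\nSubject: URGENT payment needed\n\n"
              "Please wire the funds today and keep this confidential.\n")
ROUTINE = "From: Jane Doe <jane.doe@example.com>\nSubject: Q3 planning notes\n\nAgenda attached.\n"
```

Calling `bec_flags(SUSPICIOUS)` reports all three signs, while `bec_flags(ROUTINE)` reports none. A message sent from a genuinely compromised mailbox on the trusted domain passes the address checks, so the unusual-request signs still need a human look.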

BEC No More

BEC is a serious threat that combines social engineering with phishing. It’s a hacker's melting pot of malicious tactics. By understanding the types of BEC attacks and recognizing the warning signs, you and your team will be able to stop these schemes dead in their tracks.

Being the first line of defense against these attacks is not only a shared responsibility; it also safeguards your digital growth and is an outsmarting tactic hackers will never see coming!
