As businesses increasingly rely on email to communicate with customers, partners and employees, the risk of email compromise is also on the rise. Business email compromise (BEC) occurs when an attacker gains access to a business email account. They then use it to send fraudulent emails or conduct financial transactions.
Business Email Compromise By The Numbers
BEC attacks can have serious financial and reputational consequences for businesses. In May 2022, the FBI released a public service announcement detailing the increase and impacts of these crimes. As of the date of the report, losses to business email compromise (BEC) attacks have surpassed $43M since June 2016. According to the announcement, the increase can be partly attributed to the restrictions placed on normal business practices during the COVID-19 pandemic, which caused more workplaces and individuals to conduct routine business virtually.
The Risks to Your Business
There are a number of risks associated with business email compromise, including:
- Financial Losses: This can happen if you make payments to fraudulent accounts or if a scammer tricks you into sending money or financial information.
- Operational Disruption: This can happen if you are unable to access your email account or if you receive spoofed emails that look like they are from your company.
- Reputational Damage: This can happen if your customers find out someone hacked your business or tricked you into sending money.
- Legal Problems: This can happen if someone sues you for making payments to fraudulent accounts or accuses you of sending money to a scammer.
Businesses need to be aware of the risks associated with BEC attacks and take steps to protect themselves. BEC attacks are on the rise, and businesses should prepare to defend against them.
Protecting Your Business
Some measures that businesses can take to defend against BEC attacks include:
- Implementing strong email security measures. Businesses should implement email security measures such as two-factor authentication to help protect their email accounts.
- Verifying the identity of contacts. Businesses should verify the identity of contacts before sharing sensitive information or making payments. Confirm the contact’s email address and check that their website domain matches the company’s domain.
- Monitoring for suspicious activity. Businesses should monitor their email accounts for suspicious activity, such as unexpected or unsolicited requests for payments or transfers.
- Training employees. Businesses should train employees on how to recognize and report suspicious emails. In addition, they should educate them on the importance of email security.
- Reporting incidents. Businesses should report any incidents of BEC fraud to the relevant authorities, such as the Internet Crime Complaint Center (IC3).
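The contact-verification and monitoring measures above can be partly automated. The following Python sketch is an added example, not part of the original article: it flags messages whose sender domain is unknown or a near-miss of a trusted domain, whose Reply-To domain differs from the sender, or which ask for a payment. The trusted domains, keyword list and sample message are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains of contacts the business already trusts (hypothetical names).
KNOWN_DOMAINS = {"example-supplier.com", "example.com"}
# Assumption: phrases that commonly accompany payment or transfer requests.
PAYMENT_TERMS = ("wire transfer", "bank details", "invoice", "payment")

def domain_of(header_value):
    """Return the lower-cased domain of an address header, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss (lookalike) domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def review_message(raw):
    """Return a list of reasons a message deserves out-of-band verification."""
    msg = message_from_string(raw)
    sender, reply_to = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    findings = []
    if sender not in KNOWN_DOMAINS:
        near = [d for d in KNOWN_DOMAINS if 0 < edit_distance(sender, d) <= 2]
        findings.append(f"lookalike of {near[0]}" if near else "unknown sender domain")
    if reply_to and reply_to != sender:
        findings.append("reply-to domain differs from sender")
    body = msg.get_payload()
    text = (msg["Subject"] or "") + " " + (body if isinstance(body, str) else "")
    if any(term in text.lower() for term in PAYMENT_TERMS):
        findings.append("payment or transfer request")
    return findings

# Constructed sample message: one character swapped in the sender domain.
SAMPLE = """From: Accounts <billing@examp1e-supplier.com>
Reply-To: billing@mail-example.net
Subject: Updated bank details for invoice 1042

Please use the new account for the next wire transfer.
"""

if __name__ == "__main__":
    for reason in review_message(SAMPLE):
        print("FLAG:", reason)
```

A flagged message is a prompt to confirm the request through a channel other than email, not proof of fraud.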
BEC attacks are on the rise, and businesses need to prepare to defend against them. By taking steps to implement strong email security measures and educate employees on how to recognize and report suspicious activity, businesses can help protect themselves from these types of attacks.
To learn more about other cybercrimes that may impact your business, visit our business scams page.