Business Email Compromise (BEC) is an increasingly common scam targeting companies and individuals who perform financial fund transfers.
These complex attacks work by threat actors hacking into corporate e-mail accounts and using the information to trick third-parties into making fraudulent wire transfers, with a heavy reliance on social engineering to convince somebody to hit send. This type of cybercrime can sometimes pay off better than ransomware-related compromise events, with the FBI reporting this type of attack costing organizations an estimated $1.77 billion in losses in 2019.
Luckily, these types of attacks are typically easy to spot early on. Here are a few warning signs you should be aware of that would tip you off.
- You have noticed an increase in phishing emails to your employees
- Your clients or vendors are reporting an increase in phishing emails that are spoofed and have convincing signatures or email addresses similar to yours
- Wired money goes missing, or it is discovered that the payments went to the wrong account
- Your employee(s) notice they are missing parts of an email conversation or emails are being forwarded to their RSS Subscriptions or Junk email folders
- Alerts are being generated for email forwarding rules that route email outside of your domain
- You just moved your employees into Microsoft Office 365 or G-Suite and have not gone through the process of securing the environment
About Schneider Downs Cybersecurity
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit www.schneiderdowns.com/cybersecurity or contact the team at [email protected].
If you suspect or are experiencing a network incident, our Incident Response Team is available 24x7x365 at 1-800-993-8937.
Want more cybersecurity content? Subscribe to our bi-weekly newsletter, Focus on Cybersecurity, for the latest insight and news in the cybersecurity world.
