Understanding the Threat of Business Email Compromise: 5 Reasons Why BEC Could Be a Financial Institution’s Worst Nightmare

Business Email Compromise (BEC) is when a hacker uses email to manipulate people and commit fraudulent acts which harm your company. 

These fraudulent acts include tricking associates of the company into sending sensitive data to the hacker, or even money to the hacker’s personal bank account. These hackers are usually not alone – they are associated with large criminal organizations.

Read on to learn the best ways to protect yourself:

Business Email Compromise: 5 Reasons Why It Could Be a Threat

To help you understand how the process works, we have listed these 5 reasons. Keep reading, and you will see how easily a hacker can use email to steal personal data, extort money, and tarnish your company’s reputation:

1. Impersonation

When hackers contact potential victims, they may use the following tactics:

  • Email the potential victim and change the ‘reply-to’ address to their own address. Sadly, most people never notice this obvious change.
  • Send an email from an account that looks similar to yours. So instead of [email protected], which is your email, they will send one from [email protected] – which, again, the average person will not notice. And doing this is easier than you would think.

At times, the hacker can even go as far as impersonating the company CEO. This can be extremely embarrassing for the company – with the CEO’s reputation being permanently tarnished.
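The two tactics listed above can be checked for mechanically on inbound mail. The following Python sketch is an added example, not part of the original article or of any product it mentions; the trusted domain, the sample messages, and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the organisation's real sending domain (constructed value).
TRUSTED_DOMAINS = {"firstbank.example"}

def domain_of(header_value):
    """Return the lowercased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_flags(raw_message, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Flag the two impersonation tactics: Reply-To swap and lookalike sender."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    flags = []
    # Tactic 1: replies would go to a different domain than the visible sender.
    # Simplification: a legitimate subdomain in Reply-To is flagged as well.
    if reply_dom and reply_dom != from_dom:
        flags.append("reply-to-mismatch")
    # Tactic 2: sender domain is close to, but not equal to, a trusted domain.
    if from_dom not in trusted and any(
            0 < edit_distance(from_dom, t) <= max_distance for t in trusted):
        flags.append("lookalike-sender-domain")
    return flags

# Constructed sample messages (not real traffic).
SAMPLE_REPLY_TO = ("From: CEO <ceo@firstbank.example>\n"
                   "Reply-To: ceo@mail.example.net\n"
                   "Subject: Urgent wire\n\nPlease process today.\n")
SAMPLE_LOOKALIKE = ("From: Accounts <ap@firstbamk.example>\n"
                    "Subject: Invoice\n\nUpdated bank details attached.\n")
SAMPLE_CLEAN = ("From: Accounts <ap@firstbank.example>\n"
                "Subject: Invoice\n\nMonthly statement.\n")

if __name__ == "__main__":
    for name in ("SAMPLE_REPLY_TO", "SAMPLE_LOOKALIKE", "SAMPLE_CLEAN"):
        print(name, bec_flags(globals()[name]))
```

A flagged message is a candidate for quarantine or a warning banner, not proof of fraud; payment requests still need verification through a separate channel.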

2. Breaking Trust

JP Morgan has warned about the growing threat of Business Email Compromise.

Many hackers have posed as employees within the company or as a trusted vendor and then requested a wire payment to their own bank account. The employee in the financial department, often Accounts Payable, believes they are communicating with a legitimate company executive or vendor. They innocently wire money, thinking this is a payment or business transaction, to the hacker’s bank account.

The hackers do look into your company’s transaction history. They know how frequently a payment is made and for what amount. By doing this, they can avoid requesting an amount – at least initially – that may arouse suspicion. These funds are then transferred to a bank account controlled by an organized crime syndicate.

This technique, called “spear-phishing,” involves the hacker posing as a trusted vendor to request sensitive data from an employee.

3. Data Breach

The hacker may contact associates of the company to steal sensitive data from them. An example could be contacting all employees and telling them that the payroll system has changed. As a result, the employees are required to send their pay data again – their social security numbers, bank account numbers, addresses. 

If the employees fall for it, the hacker can gain access to hundreds of pieces of sensitive data from them. They can commit identity fraud using the employees’ social security numbers. They can also steal money from the employees’ bank accounts.

The hackers can install malware to break into the company’s network and steal a range of sensitive data. Email addresses, social security data, and passwords are among the data which can be stolen and shared with the criminal organization.

4. Financial Woes

If your email contains sensitive data about your company’s bank accounts, or about the point of contact for those accounts, then you are on a slippery slope. The hacker can directly access your bank account. And they could liquidate your entire account and transfer all the money to their own account.

Make sure such sensitive data is not shared via email. Your bank account points of contact should be told beforehand not to follow any instructions which they may receive via email.

5. Tarnished Image

Even if it is revealed that your company took any of the above actions because it was hacked, the damage is done. Your company’s public image can be permanently tarnished if it is revealed to have had weak security. Your employees may look elsewhere for work.

Customers who were compromised may leave and never return. And of course, this tarnished image could lead to potential lawsuits.

Protect Yourself

Luckily, you do not need to live in constant fear of business email compromise.

You can follow us to learn about our new product which will help you and your team detect potential phishing emails.

Call us: (417) 413-4005