Business Email Compromises Trending Upwards
$13.3 billion in victim losses were reported last year and business email compromises was one of the largest scams according to the Internet Crime Complaint Center (IC3). The IC3 routinely analyzes complaints submitted by victims of internet crimes. Business email compromise (BEC) scams accounted for 45% of cyber crime loss in 2020, according to the FBI. The average loss per BEC scam amounted to nearly $96,000 per complaint.
There are two common financial losses related to business email compromise; fraudulent transfers of money and obtaining personally identifiable information of staff to use in future attacks. In a BEC scam, cybercriminals send an email message that appears to come from a known source making a legitimate request. For example, a company CEO asks her assistant to purchase dozens of gift cards to send out as employee rewards. She asks for the serial numbers so she can email them out right away.
Scammers commonly use these methods:
- Spoofing an email account of website
- Sends spear phishing emails
- Installs Malware
There are several basic steps your users can take to protect your business. Make sure they carefully examine email addresses, URLs, and spelling used in any correspondence, be careful of what they download, do not click on anything suspicious, and verify payment and purchases in person or via phone, if possible, to make sure the request is legitimate. The last step is to make sure two-factor or multi-factor authentication is set up on any account that allows it.
To best ensure your business is protected from outside attacks, you should first have a third party conduct a security assessment of your business. Step 1, identify what data you want to protect and what threats you are facing. Step 2, protect, detect, and respond to threats. Step 3, recovery.
Contact 2W Tech today to get started on your security assessment and allow our team of IT Consultants to guide you through the best security solutions to help protect your business from outside threats.