Identifying A Business Email Scam
A business email compromise (BEC) scam mostly targets companies that have suppliers abroad. Criminals send emails to businesses pretending to be from a trusted source, likely a vendor with which the organization already does business. Although this scam mostly affects businesses, individuals can also be targets.
BEC as a Threat
Emails like this usually come from a person or a domain you have never received mail from. The sender pretends to be an important person in a well-known organization, hoping that you will reply, so that they can scam you into providing some information or even sending some money, as in Advance Fee Fraud.
Types of BEC
Some of the keywords to look out for are request, transfer, payment, and urgent. There are 5 types of BEC scams:
The Bogus Invoice
Attackers pretend to be foreign suppliers requesting payments to a specific account. Sometimes these “suppliers” will include a message saying they’ve updated their account information.
CEO Fraud
Attackers impersonate an executive or CEO of the company and email employees requesting fund transfers to different accounts.
Account Compromise
An employee or executive’s email account is compromised and used to request payments from those in their contacts. The payment will be directed to a bank account that does not belong to the company.
Attorney Impersonation
Attackers pose as lawyers in charge of the company’s confidential matters. Requests like these are typically made by email or phone outside working hours.
Data Theft
The goal of this scam is to obtain information such as the tax statements of executives and employees. Data from this type of attack can be used for more attacks in the future.
How to Avoid Getting Scammed
It is particularly hard to recognize a pattern in BEC attacks because they don’t use any observable techniques, just plain text in their emails. They also don’t contain obviously malicious links or attachments.
Confirm requests in person if possible, especially for urgent payments.
Use a verified payment platform to ensure that suspicious accounts can be reported.
Enable multi-factor authentication where it is available.
Train employees to identify scams and set security standards that everyone should follow.
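The two signals the article names, a sender domain you have never received mail from and the keywords request, transfer, payment and urgent, can be combined into a simple mail-triage check. This is an added example, not part of the original article; the function names, the two-keyword threshold and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

KEYWORDS = ("request", "transfer", "payment", "urgent")  # keywords from the article
MIN_KEYWORDS = 2  # assumed threshold, tune it for your own mail flow

def sender_domain(msg):
    """Lower-cased domain of the From address, '' if the header is missing."""
    return parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()

def visible_text(msg):
    """Subject plus every text/plain part, lower-cased."""
    chunks = [str(msg.get("Subject", ""))]
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            chunks.append(part.get_content())
    return " ".join(chunks).lower()

def triage(raw, known_domains):
    """Flag first-contact senders whose mail uses payment-pressure wording."""
    msg = message_from_string(raw, policy=policy.default)
    domain = sender_domain(msg)
    text = visible_text(msg)
    # Leading \b only, so "payments", "requesting" and "urgently" also count.
    hits = [k for k in KEYWORDS if re.search(rf"\b{k}", text)]
    first_contact = domain not in known_domains
    return {"domain": domain, "first_contact": first_contact, "keywords": hits,
            "hold": first_contact and len(hits) >= MIN_KEYWORDS}

# Constructed sample data (reserved example domains), not real traffic.
KNOWN = {"supplier.example.com"}
SAMPLES = [
    "From: Accounts <ar@supplier.example.com>\nSubject: Invoice 1042\n\n"
    "Payment terms are unchanged.\n",
    "From: CEO <ceo@corp-mail.example.net>\nSubject: Urgent\n\n"
    "I need a wire transfer today. Send payment to the new account.\n",
    "From: News <news@digest.example.org>\nSubject: Weekly digest\n\n"
    "Here are this week's articles.\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(triage(raw, KNOWN))
```

A held message is a prompt to confirm the request through another channel, not a verdict. Mail sent from a compromised account on a known domain passes this check, which is why the confirmation step above still applies.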