Some of the keywords to look out for are request, transfer, payment, and urgent. There are 5 types of BEC scams:
The Bogus Invoice
Attackers pretend to be foreign suppliers requesting payments to a specific account. Sometimes these “suppliers” will include a message saying they’ve updated their account information.
Attackers impersonate an executive or CEO of the company and email employees requesting fund transfers to different accounts.
An employee or executive’s email account is compromised and used to request payments from those in their contacts. The payment will be directed to a bank account that does not belong to the company.
Attackers pose as lawyers in charge of the company’s confidential matters. Requests like these are typically made by email or phone outside working hours.
The goal of this scam is to obtain information such as the tax statements of executives and employees. Data from this type of attack can be used for more attacks in the future.
How to Avoid Getting Scammed
BEC attacks are particularly hard to recognize by pattern because the emails are just plain text and use no observable techniques. They also carry no obviously malicious links or attachments.
- Confirm requests in person if possible, especially for urgent payments.
- Use a verified payment platform to ensure that suspicious accounts can be reported.
- Activate multiple authentication settings if applicable.
- Train employees to identify scams and set security standards that everyone should follow.
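The indicators described above (the four keywords, a mention of updated account information, and requests sent outside working hours) can be combined into a simple triage check that decides which messages get confirmed in person first. This is an added example, not part of the original article; the two-keyword threshold, the 09:00-17:00 working hours, the account-change phrasing and both sample emails are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

KEYWORDS = ("request", "transfer", "payment", "urgent")  # from the article
# Assumed phrasing for the "updated their account information" lure.
ACCOUNT_CHANGE = re.compile(r"(updated|new|changed)\s+(bank\s+)?account", re.I)
WORK_START, WORK_END = 9, 17  # assumed working hours, per the Date header's zone

# Constructed sample messages (not real traffic).
SAMPLE_SUSPICIOUS = """\
From: "Supplier Accounts" <billing@supplier.example>
To: ap@company.example
Subject: Urgent: payment for invoice 1042
Date: Sat, 06 Jan 2024 22:15:00 +0000

Please transfer the outstanding payment today.
Note that we have updated account details for all future invoices.
"""
SAMPLE_BENIGN = """\
From: colleague@company.example
To: ap@company.example
Subject: Lunch on Thursday
Date: Thu, 04 Jan 2024 11:30:00 +0000

Are we still on for lunch?
"""

def triage(raw_email):
    """Return the reasons a message should be verified out of band."""
    msg = message_from_string(raw_email)
    # Collect every text/plain part so multipart mail is handled too.
    body = " ".join(p.get_payload() for p in msg.walk()
                    if p.get_content_type() == "text/plain")
    text = f"{msg.get('Subject', '')} {body}".lower()
    reasons = []
    hits = [k for k in KEYWORDS if re.search(rf"\b{k}", text)]
    if len(hits) >= 2:  # a single keyword is common in normal mail
        reasons.append("keywords: " + ", ".join(hits))
    if ACCOUNT_CHANGE.search(text):
        reasons.append("mentions changed account details")
    if msg["Date"]:
        sent = parsedate_to_datetime(msg["Date"])
        if sent.weekday() >= 5 or not (WORK_START <= sent.hour < WORK_END):
            reasons.append("sent outside working hours")
    return reasons

if __name__ == "__main__":
    print(triage(SAMPLE_SUSPICIOUS))
    print(triage(SAMPLE_BENIGN))
```

Because BEC messages are plain text, a check like this only ranks mail for human confirmation; it does not replace verifying the request through a separate channel.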