Dec 20, 2017

Business Email Compromise Scams: What Every Business Customer Needs to Know

SPONSORED POST

Your CEO emails you directly and asks you to provide private company data. What do you do? What if they ask you to wire money? It could be legitimate – or it could be another instance of a scam that’s growing in popularity called Business Email Compromise (BEC).

According to the Federal Bureau of Investigation, BEC attacks increased 2,370% in 2016 and cost victims over $5 billion (USD). Trend Micro, a global leader in IT security, predicts that total losses will jump to $9 billion by the end of 2017. BEC is a simple-to-execute threat that can be avoided with some basic understanding and education.

Figure: Cumulative BEC losses

What is BEC?

Business email compromise relies on deception, fraud and fear. Scammers impersonate high-level executives or influencers and target official business email accounts with phishing emails, requests for wire transfers and more. Some common tactics are:

  • Version 1: The Bogus Invoice Scheme
    Also referred to as “The Supplier Swindle” and “Invoice Modification Scheme,” this tactic typically involves a business that has an established relationship with a supplier. Fraudsters request that funds for an invoice payment be wired to an alternate, fraudulent account.
  • Version 2: CEO Fraud
    Scammers identify themselves as high-level executives (CFO, CEO, CTO, etc.), claiming to be managing confidential or time-sensitive matters, and ask for a wire transfer to an account they control. This scam is also known as “CEO Fraud,” “Business Executive Scam,” “Masquerading,” and “Financial Industry Wire Frauds.”
  • Version 3: Account Compromise
    In this version, which is similar to the two others, an employee’s email account is hacked and then used to request invoice payments to fraudster-controlled bank accounts. Emails are sent to multiple vendors identified from the employee’s contact list. The business may not become aware of the scheme until its vendors follow up to check on the status of the invoice payment.
  • Version 4: Attorney Impersonation
    Cybercriminals contact employees and/or high-ranking officials of companies and identify themselves as lawyers or legal representatives who are managing confidential or time-sensitive matters. Scammers then pressure the contacted parties into acting quickly or secretly in handling the transfer of funds or private data.

BEC scams employ social engineering and typically don’t need sophisticated system penetration. Unlike phishing scams, BEC emails are not sent in bulk, which keeps them from being flagged as spam. Urgency and fear play a big role as fraudsters instruct the victims to act quickly or in confidence when transferring funds, data, etc.

What’s the solution?

Education is critical. The more businesses learn about these tactics, the better prepared they are to recognize scams. Businesses should remind their employees to carefully evaluate all emails and be wary of irregular requests – especially from influential agents working for and with their company. Businesses can also confirm requests by phone, as part of two-factor authentication, using known and familiar numbers. Of course, a leading security solution helps, too.

Trend Micro products protect medium and large enterprises from this threat. Malware in BEC-related emails is blocked by the endpoint and email security capabilities of the Trend Micro Smart Protection Suites and Network Defense solutions.

To learn more, head over to the Ingram Micro Cloud Marketplace and check out Trend Micro’s cloud-based security services and Deep Security Cloud.

About Author

Jon Clay
Cyber Security Expert, Trend Micro

Jon Clay is responsible for managing marketing messages and external publication of all the threat research and intelligence within Trend Micro as well as different core technologies. As an accomplished public speaker with hundreds of speaking sessions around the globe, Jon focuses on the threat landscape and the use of AI/Machine Learning and big data in protecting against today’s sophisticated threats.

Jon has held roles within Trend Micro as a sales engineer, sales engineering manager, training manager and product marketing manager for SMB prior to taking over as director of global threat communications. Jon is also a volunteer speaker for the Trend Micro Internet Safety for Kids and Families program. This experience has given him a broad technical background and understanding of the security requirements of businesses as well as an excellent understanding of the threat landscape.
