Spam emails are the most popular channel for cybersecurity attacks in the world. With the average person receiving between 100 and 120 emails daily, how many are legitimate?
The impacts of email compromise can lead to financial chaos. Even worse for businesses, 46% of companies report suffering from reputational damage after a data breach. That’s why it’s key to plan detection, prevention, and response in case of business email compromise.
Trustpair continuously audits supplier information and checks all payment campaigns before execution, blocking the effects of business email compromise. Contact one of our experts right away.
What is business email compromise?
In 2022, over 4.3 million people used email across the globe. It’s the most common way to stay in touch with your customers and reach out to vendors. But because email usage is so widespread, it’s also a great hunting ground for fraudsters.
Individuals who get caught out by email compromise report severe impacts, one of the most worrying being identity theft. A staggering 20% of Americans fell victim to this crime in 2021. The effects of such a personal crime could last years, leading to damaged creditworthiness, financial losses and a potentially false criminal record.
Business email compromise (BEC) usually works by criminals impersonating a genuine source and using high-pressure tactics in order to access your finances or company secrets. It can place your entire organization at risk since it’s the chosen channel for many different types of fraud.
Here are some examples of the scams associated with business email compromise:
- CEO fraud: a malicious type of spear phishing attack in which a hacker typically impersonates a senior leader at your business and asks for funds or personal information
- Vendor fraud: bad guys gain access to sensitive information regarding your suppliers and send you invoices – thanks to social engineering tactics, these often look believable
- Third-party fraud: also known as identity theft, fraudsters exploit vulnerabilities to steal passwords and use your account details to open lines of credit elsewhere
In general, there is a high level of trust in business emails to remain secure – either through spam filters, IT departments, or common sense. But email hackers are a very real threat to businesses that should be taken seriously.
Why are BEC attacks of growing concern?
There are three major reasons for concern around BEC attacks:
- Rising long-term work-from-home culture
- Reputational damage
- Fluctuating economic environment
Work from home culture
Thanks to the pandemic, more Americans experienced what it was like to work from home. While we are past the peak, it’s thought that close to 30% of employees still work from home in 2023.
Although work-from-home has huge employee benefits, it’s proven much harder for companies to secure their systems against cybercrime. With workers spread all across the country, IT departments can’t rely on an impenetrable internal hardware system on the office grounds.
Instead, many turned towards relying on good spam filters and security practices. Unfortunately, the effectiveness of such measures largely depends on whether employees follow your protocols. What’s more, third party resources (like social media channels, payment software, and marketing programs) might not be up to the same standard.
Therefore, the trend of increasing work from home numbers has correlated with a rise in BEC cases. In fact, it’s now the number one crime reported to the FBI, having grown significantly in the last five years.
Reputational damage
The reputational damage caused by getting hacked can lead to public outrage – and not towards the fraudsters. Corporations that become victims of business email compromise stand to lose one of their most valuable assets: trust. Customers who can’t trust you to keep their details safe and secure might find it’s a good reason to turn to your competitors.
If your business becomes a victim of business email compromise, it’s not just your customers who might cancel their association with you. Investors and merchants might also choose to go their separate ways, leaving your business out of control with an entirely new host of financial problems.
Fluctuating economic environment
Now more than ever, businesses can’t afford to lose their hard-earned cash to fraudsters. Both political and economic instability were cited as the number one barrier to business growth in Q4 of 2022.
One of the most impactful consequences of falling victim to fraudsters is, of course, the money that leaves your accounts. It’s funding that won’t be reinvested into the business, can’t contribute towards the growth and won’t lead to increasing your profits.
Most of the time, companies fail to get their money back after fraud. Therefore, it’s clear that BEC prevention is key.
Examples of BEC in the business world
Falling victim to BEC has led to some famously disastrous consequences.
For example, in 2020, Twitter fell victim to a data breach via BEC. The attacker impersonated other workers to dupe an employee into sharing access to the internal systems. Once inside, the fraudsters hijacked the accounts of celebrities to post scam tweets.
The reason that this style of hacking was so successful for the fraudsters is that they used a technique called phishing. This refers to a close, like-for-like impersonation of a known source. For example, the fraudsters may have studied the language used by their target and recreated it, or created a spoof email address that very closely resembled the real one.
Another high-profile example of BEC is Ubiquiti. The company was exploited in 2015 by an apparent vendor who sent false invoices and emails to the finance department. Unfortunately, an employee at one of the subsidiaries transferred some funds, and across a number of transactions the company lost over $46 million.
While business email compromise can have a huge impact on corporations, there are some measures that you can put in place to protect your business.
How can you detect business email compromise?
You can increase security awareness within your business by teaching your people what to look for. Here are some manual ways to detect business email compromise:
- Check the domain: spoof domains are very similar but not identical to the real credentials. An example of spoofing might be: email@example.com instead of firstname.lastname@example.org
- Does the subject line sound weird? Urgency in the subject line may be considered a sign of a cyber attack. One version of this includes “Payment Deadline”, for example.
- Are the links malicious? You can hover over a link to see whether it points to the destination you’re expecting or redirects you to another (potentially harmful malware) site
However, using automation to detect BEC can have much more thorough results. For example, Trustpair’s platform automatically audits campaign payments before they are executed, blocking any transactions to suspicious or unknown bank accounts.
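The three manual checks listed above (lookalike sender domain, urgent subject line, link text that does not match its real destination) can also be scripted for mailbox triage. The following Python is an added example, not code from the original article or from Trustpair's platform; the trusted-domain list, the urgency keywords, the two-edit threshold and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed allowlist of known supplier/internal domains (constructed values).
TRUSTED_DOMAINS = ("acme-supplies.example", "corp.example")
URGENCY = re.compile(r"\b(urgent|immediately|deadline|overdue|asap)\b", re.I)
# Captures (real href host, host shown in the visible link text).
LINK = re.compile(r'<a\s[^>]*?href="https?://([^/"]+)[^"]*"[^>]*>\s*(?:https?://)?([^\s<]+)', re.I)

def edit_distance(a, b):  # Levenshtein distance between two strings
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain):
    """Return the trusted domain this one imitates (1-2 edits away), else None."""
    for good in TRUSTED_DOMAINS:
        if domain != good and edit_distance(domain, good) <= 2:
            return good
    return None

def bec_flags(raw):
    """Apply the three checks to a single-part message and list what fired."""
    msg = message_from_string(raw)
    flags = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    imitated = lookalike_of(domain)
    if imitated:
        flags.append(f"lookalike-domain:{domain}~{imitated}")
    if URGENCY.search(msg.get("Subject", "")):
        flags.append("urgent-subject")
    for href_host, shown in LINK.findall(msg.get_payload()):
        shown_host = shown.split("/")[0].lower()
        if "." in shown_host and shown_host != href_host.lower():
            flags.append(f"link-mismatch:{shown_host}->{href_host.lower()}")
    return flags

# Constructed sample messages (not real traffic).
SUSPECT = ("From: Accounts <billing@acme-suplies.example>\n"
           "Subject: URGENT: Payment Deadline today\n\n"
           '<a href="http://pay.invoice-portal.example/x">acme-supplies.example/invoice</a>\n')
LEGIT = ("From: Accounts <billing@acme-supplies.example>\n"
         "Subject: March statement\n\n"
         '<a href="https://acme-supplies.example/statements">acme-supplies.example/statements</a>\n')
```

A message that raises any flag is a candidate for out-of-band verification with the supplier before payment; an empty list only means these three heuristics did not fire.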
How can you prevent BEC in your business?
Unlike fraud detection, phishing email prevention is about building a bulletproof shield around your business. This can be done successfully through the implementation of good procedures, protocols, and systems.
Upgrade security measures
Unfortunately, one of the biggest reasons that BEC scams and viruses succeed is due to weak cybersecurity measures.
Think about your email account right now – how many junk emails are sitting in your account? It’s worth remembering that they’re only the ones you can identify. 85% of all emails in the world are considered spam, and many make it through even though every email provider is supposed to have a high-quality spam filter.
The FBI considers BEC 64 times more damaging than ransomware attacks, so it is worth investing in the upgrades. Features such as two-factor authentication require your staff to log in using more than just their password; they must also have a time-limited one-time code or a biometric match like facial identification. This prevents unauthorized access from fraudulent pretenders.
Even better if you can upgrade your firewall or antivirus program as this should create an added layer of protection.
Secure payment process
The second way to prevent phishing scams via BEC is something less obvious – focused on your payment process and P2P process itself. You see, even if fraudsters make it through your email system and get lucky with a transfer, the right payment software will not let that payment leave your accounts.
Trustpair specializes in preventing payment fraud. We secure your entire payment chain in order to manage third-party risks. By working in real-time to validate your supplier details, we have prevented 100% of fraud attempts for our clients.
What’s more, your finance department can collaborate directly on the platform itself, leading to a more streamlined approach to work in general, and (more specifically) fraud prevention.
And if it’s too late… how should your business respond after falling victim to a BEC attack?
If your business is unfortunate enough to discover spyware or that your emails have been compromised, the first thing you should do is alert your bank and the authorities. Immediately doing this could be the difference between seeing those funds again, or waving goodbye to them altogether.
The other factor in getting the money back is often down to the payment method. Methods like wire transfers are typically fast and work in real time, whereas check payments could take longer to clear.
In response to BEC, it’s a good idea to overhaul your systems and processes. For example, regular cybersecurity training for employees can help in the fight against fraud. This is a proven measure since regular cybersecurity training leads to fewer losses to fraudsters and faster resolutions of fraud cases.
Protecting Your Business from Business Email Compromise
Since most businesses rely on emails every single day, protecting the security of this channel should be a top priority. In doing so, your company can confidently work with new suppliers and merchants from around the world, all while reducing operational risk.
Trustpair is by your side to help out. We help protect corporations from unwanted intrusions, whether that’s through securing your payment platform or updating your supplier data in real-time. This way, your people always have the bigger picture and are equipped to make the right decisions.
Here’s what you need to know about business email compromise (BEC):
- Scammers try to gain access to your confidential information or financial accounts through a series of fake emails
- Cybercriminals usually impersonate a known supplier or senior member of staff inside the business to accomplish their scams
- Protect your business against a social engineering attack like this through good quality anti-virus software and awareness training for your employees
- Prevent your finances from being breached through a secure payment chain and real-time account validation with Trustpair