BEC stands for Business Email Compromise. And we promise that it’s the last acronym that we’ll use in this blog post.
Every day, spam filters deal with an onslaught of emails that are either:
a) Definitely fake
b) Possibly legitimate
That’s it. There is no “100% bonafide” option here. Email is always suspect when it comes to security filtering. Even the best spam filters are applying a series of rules to try to determine the legitimacy of an email. Hackers will compromise an account, read previous emails, copy/paste language, and then go to work.
You can’t be sure, no matter what filter you’re using. Legitimate-looking emails are used to trick the recipient into sending funds or sensitive data to the attacker. Typically, the hacker will impersonate the CEO or a company executive and send an email to an employee or vendor requesting a financial transaction or some other urgent action.
Some of the common characteristics of a BEC attack include:
- Emails that allegedly come from high-level executives like the CEO requesting urgent money transfers or wire payments.
- Requests for sensitive employee data like W-2 or payroll information.
- Email addresses that appear to be from a legitimate company domain but are slightly off, for example, [email protected] instead of [email protected].
- Poor grammar and spelling errors, since some attackers are not native English speakers (keep in mind our original point, though: the email might be a copy of previous language, which gets around this issue).
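As an added example (not code from this post or any product it mentions), here is the kind of check an IT team could run over a message's headers and body before anyone acts on it: it flags sender domains that are a couple of characters off from a trusted one (including rn-for-m and 1-for-l swaps), a Reply-To that points somewhere other than the From domain, and the urgent wire/payroll language described above. The trusted domain, addresses and body below are constructed placeholders.

```python
"""Flag BEC-style traits in an email: look-alike sender domain, mismatched
Reply-To, and urgent financial/HR wording. Hypothetical helper, not a product's code."""
import re
from email.utils import parseaddr

# Constructed placeholder; substitute the organization's real domain(s).
TRUSTED_DOMAINS = {"example.com"}
URGENCY = re.compile(r"\b(urgent|wire|immediately|w-2|payroll|gift card)\b", re.I)


def normalize(domain: str) -> str:
    """Fold common look-alike substitutions (rn->m, 0->o, 1->l, ...) before comparing."""
    d = domain.lower()
    for bad, good in (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e")):
        d = d.replace(bad, good)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, two-row dynamic-programming version."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str, trusted=TRUSTED_DOMAINS) -> bool:
    """True if the domain is not trusted but matches a trusted one after folding
    look-alike characters, or sits within two edits of it."""
    d = domain.lower()
    if d in trusted:
        return False
    n = normalize(d)
    return any(n == normalize(t) or edit_distance(d, t) <= 2 for t in trusted)


def domain_of(addr_header: str) -> str:
    """Extract the domain part from a From/Reply-To header value."""
    return parseaddr(addr_header)[1].rpartition("@")[2].lower()


def bec_flags(headers: dict, body: str) -> list:
    """Return the reasons a message deserves out-of-band verification."""
    flags = []
    from_d = domain_of(headers.get("From", ""))
    if is_lookalike(from_d):
        flags.append(f"look-alike sender domain {from_d}")
    reply = headers.get("Reply-To")
    if reply and domain_of(reply) != from_d:
        flags.append("Reply-To domain differs from From domain")
    if URGENCY.search(body):
        flags.append("urgent financial/HR language")
    return flags
```

A non-empty result means the recipient should confirm the request with the sender by phone or in person rather than by replying.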
Employee education is key here. Fraud prevention starts with company policies that can adapt to these attacks. Here are some things to pass on to employees:
- If the email is asking for any action, no matter how benign, check with the sender outside of email (call, text, whatever).
- Ask other employees if they got a similar request.
- Don’t act. Wait for a resolution before proceeding. If the request is urgent, wouldn’t they call you?
- Check with an IT professional. They can verify the source of the email.