Business email compromise (BEC) attacks are not your father’s “Nigerian Prince” email scam. They are strategic, effective, increasingly lucrative, and do not discriminate by industry or business size. As these attacks become more frequent, you must be diligent, skeptical, and cautious, and implement information system security best practices to avoid becoming a statistic.
What is a BEC Attack?
In a BEC attack, a cybercriminal hacks the corporate email account of an executive or other senior-level employee, and impersonates that person to defraud the company, its customers, partners, or employees into sending money or sensitive data. This type of Man-in-the-Middle attack is sometimes referred to as a Man-in-the-Email attack because the hijacked communication stream always involves email communication.
BEC by the Numbers.
These attacks are becoming more common, so much so that both the FBI and information security companies have taken notice in the last several years. Based on the statistics the FBI has compiled, total global losses attributed to BEC now exceed $12.5 billion, which is up from $5.3 billion in 2016.
Notable BEC Victims.
In 2015, the global toy company Mattel fell victim to a BEC attack resulting in the loss (and eventual return) of $3 million. In this attack, a cybercriminal posing as Mattel’s CEO, Christopher Sinclair, sent an email to Mattel’s finance executive requesting the wire transfer of $3 million to the Bank of Wenzhou in China. Fortunately, with the help of the FBI and the Bank of Wenzhou, Mattel was able to retrieve the funds shortly thereafter.
How to Avoid Falling Victim to BEC Attacks.
With an ounce of prevention, you can avoid falling victim to one of these debilitating attacks. Educating your staff and implementing information security best practices, including 24x7 monitoring, are essential and proactive ways to protect yourself and your data. However, there are other methods, too.
On October 30th at 11:00 AM ET, I will be hosting a free webinar entitled “Think Like A Hacker: Unmasking Business Email Compromise” in which I will go into greater detail about these attacks and the additional information and network security measures you can take to prevent them from happening to you. RSVPs are required, so CLICK HERE to sign up today.