When the COVID-19 pandemic began, businesses in Southern California and everywhere else in the world were forced to either temporarily halt operations or switch to a remote work setup. Those who had to shut down temporarily suffered massive financial losses, which led to most of them filing for bankruptcy.
Cybercriminals, on the other hand, saw an opportunity to exploit the changes in work setups by launching COVID-19-themed business email compromise (BEC) scams. In fact, the Federal Bureau of Investigation (FBI) issued alerts informing businesses about this spreading cyberthreat.
What is business email compromise?
Business email compromise, also called man-in-the-email scam and CEO fraud, is a con wherein businesses are tricked into making wire transfers to a fraudster's account. It starts with hackers spoofing or compromising the email account of a senior or executive manager who can authorize wire transfers. Hackers then send them well-written emails that establish credibility and a sense of urgency, prompting immediate action from the recipient. Fraudsters even use invoices that look almost identical to those issued by vendors to appear even more legitimate.
BEC scams are low tech but have devastating effects. According to the FBI's Internet Crime Report, around 24,000 BEC-related complaints were filed last year, with losses amounting to $1.7 billion. In fact, hackers have had more success with BEC scams than with ransomware attacks.
How to mitigate BEC attacks
With the city of Torrance slowly reopening, establishments and business owners are wondering how they can avoid being a victim of a BEC scam. Here are key approaches to avoid falling victim.
1. Leverage the latest cybersecurity technology
There's a wide variety of cybersecurity products designed to scan emails available. These security tools can inspect links and attachments in emails, sender and recipient information, what domain was used, and the domain reputation. These tools provide an additional layer of protection that identifies and prevents compromised emails from entering your inbox.
2. Implement a verification process
Any requests involving money such as changing payment details or inquiries about vendor information should have a strict verification process. It must be mandatory for finance department personnel, accounts payable staff, and any other individual or team handling your company's money. A good practice is adding a second medium — usually a phone call — to verify requests.
For example, if someone from your finance department or accounts payable receives an email requesting for payment, they should call the requestor using existing contact information (to prevent your employees from accidentally calling the hacker). It's a simple but effective way to verify the authenticity of the email.
3. Educate your employees
Having the latest cybersecurity tools and efficient verification process won't do much good if you don't educate your employees about the dangers of BEC. The reason why BEC scams often work is that people tend to believe in communications that look authentic. Employees who receive an email purporting to be from a legitimate company or person requesting a wire transfer will easily think it's a valid request.
They'll process the request and transfer money to the hacker's account. Regular cybersecurity awareness training will provide your staff with the information they need to identify and avoid falling for BEC scams.
BEC scams cost businesses a lot of money every year. But by implementing the three key approaches mentioned above, you can prevent your organization from being a victim of such scams. Another way to protect yourself is to partner with a reliable managed IT services provider like Complete Document Solutions. Our cybersecurity services help keep businesses around Torrance, CA safe from various forms of cyberthreats. Call us today to learn more.