Business Email Compromise (BEC) is a kind of scam that targets large companies to gain access to their email. It is also called CEO Fraud. Cyber criminals usually target the CEO or someone in a senior position, especially in the finance or treasury department.
They study every detail of the target, from the person's full name to their business schedule, and do this research before attacking to make sure the CEO Fraud succeeds. They hack the target's email address and use it to trick victims. Impersonating the CEO, the criminals fool their victims into making unauthorized wire transfers or divulging confidential company details.
BEC Attack Methods
One of the attack methods in BEC or CEO Fraud is phishing. It is commonly an email disguised as a monetary prize or as a message from a big institution. The senders ask for private information such as bank or credit card numbers, passwords and personal details, which they then use to access bank accounts and even to steal the victim's identity.
Another method is whaling. Cyber criminals target people in executive positions because they hold authority and access within the company. As with phishing, they obtain the target's confidential data and use it illegally.
Social engineering includes mining confidential information from social media sites such as Facebook and LinkedIn. Business sites that require real data are a gold mine for cyber criminals because they provide accurate data about the victim.
The main targets of these criminals are usually personnel from the HR department, accounting officers and even IT staff.
Protection against BEC Scam
Employees in an organization should be mindful of every email they receive. Misspellings, irregularities in email signatures and typographical errors should be considered red flags. Everyone should stay alert to them.
Using digital signatures is another measure: it gives employees, or other possible victims of this scam, a notification that the email was properly sent. It also helps a great deal for a company to set a security policy, especially for company email and other systems. Developing a cyber-security plan can also reduce the risk of being attacked through BEC. There are companies that offer anti-phishing services to many clients and guarantee 100% takedown of a hundred thousand malicious sites. Their specialized security analysts provide 24 x 7 proactive monitoring for clients, tracking everything suspicious and taking it down as early as possible.
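The checks described above can also be run automatically on incoming mail. The following is an added example, not part of the original article: it flags a message whose sender name matches an executive but whose address is outside the company domain, and an executive message that carries no digital signature. The company domain, the executive name and the sample messages are constructed assumptions, and the signature check only looks at whether the message declares a signed content type; it does not verify the signature.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for illustration (not from the article): the company's mail
# domain and the executive names worth protecting.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}
# Content type of detached S/MIME and PGP/MIME signed mail (RFC 1847).
SIGNED_TYPE = "multipart/signed"

def bec_red_flags(raw_message):
    """Return the red flags found in one raw email message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Normalise case and spacing so "JANE  Doe" still matches.
    if " ".join(name.lower().split()) not in EXECUTIVES:
        return []
    flags = []
    if domain != COMPANY_DOMAIN:
        flags.append("executive name sent from an outside address")
    # Presence only: a real mail gateway must also verify the signature.
    if msg.get_content_type() != SIGNED_TYPE:
        flags.append("executive message carries no digital signature")
    return flags

def sample(from_header, content_type="text/plain"):
    """Build a constructed test message (not real mail)."""
    return (f"From: {from_header}\nTo: treasury@example.com\n"
            f"Subject: Urgent wire transfer\n"
            f"Content-Type: {content_type}\n\nPlease process today.\n")

SIGNED = 'multipart/signed; protocol="application/pkcs7-signature"; boundary="b"'
SAMPLES = {
    "impersonation": sample('"Jane Doe" <jane.doe@mail.invalid>'),
    "hacked account": sample("Jane Doe <jane.doe@example.com>"),
    "signed": sample("Jane Doe <jane.doe@example.com>", SIGNED),
    "colleague": sample("Sam Lee <sam.lee@example.com>"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", bec_red_flags(raw) or "no red flags")
```

The "hacked account" sample shows why the signature check matters: the sender address is genuine, so only the missing signature sets the message apart.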