Business email compromise (BEC) is a type of online scam where a cybercriminal tricks a company or its employees into transferring money or sensitive information to the fraudster's account.
The scam typically starts with an email that looks like it is from a trusted source, such as a colleague, supplier, customer, or boss, but is actually from the fraudster. The email might use social engineering techniques to persuade the recipient to perform a specific action, such as wire transfer money, change bank account numbers, provide sensitive information, or buy gift cards or send funds to a specific account.
BEC attacks can be very convincing, as the fraudsters often spend time researching their targets, and they may use language and tactics that make the emails seem legitimate. These types of attacks can cause significant financial losses for businesses and individuals, so it's important to be cautious when receiving any email that requires you to provide sensitive information or perform financial transactions.
To avoid BEC scams, you should always verify the authenticity of any requests for funds or information. Double-check the sender's email address, scrutinize the content of the email, and if possible, confirm the request by phone or in person with the supposed sender. Additionally, businesses should consider implementing technical security measures such as two-factor authentication, training employees on cybersecurity best practices, making use of the Sender Protection Framework (SPF) and Domain Key Identified Mail (DKIM), and monitoring financial transactions for suspicious activity.
To view other PMMI CyberHealth content, visit pmmi.org/cyberhealth Got a more specific question? Email [email protected]. Be sure to also opt in to the CyberHealth e-newsletter to get cybersecurity updates straight to your inbox.