Business email compromise risks (BEC) are a long-standing and ever-evolving threat that targets individuals and companies alike. These scams often rely on tactics that play off real-world events or established interpersonal relationships to trick their victims into transferring money or sensitive information. Unfortunately, BEC scams are becoming increasingly sophisticated, and their impact is growing. In 2020, losses from BEC exceeded $1.8 billion, a fourfold increase since 2016, and the number of BEC incidents rose by 61% during the same period.
To protect your business from BEC attacks, employee education is essential. Training your staff to recognize the red flags of BEC scams, such as last-minute changes to wiring instructions or recipient account information, is crucial. Additionally, it’s essential to have a layer of threat detection in place, including monitoring for anomalous behavior both on-premises and in the cloud.
With more companies relying on cloud services like Microsoft Office 365, it’s crucial to ensure that you have adequate security measures in place to monitor activity in cloud-hosted applications. Traditional perimeter security tools, such as firewalls, are not always enough to detect threats in cloud environments.
Moreover, having enough IT security staff to monitor your environment around the clock is crucial. Managed threat detection and response can be a force multiplier if you cannot monitor your environment 24/7.
The FBI recommends several tips to help individuals and businesses avoid falling victim to BEC scams, including being skeptical of last-minute changes to wiring instructions or recipient account information, verifying any changes and information via the contact on file, double-checking the URL, and verifying the email address used to send emails. Additionally, employees should pay attention to clues within BEC emails, such as misspelled hyperlinks, unusual activity, or suspicious requests from high-level executives.
If you have been a victim of BEC, it’s crucial to file a detailed complaint with the Internet Crime Complaint Center (IC3). To learn more about BEC threats and how to defend against them, contact Rouse Consulting Group for guidance, education, and technology to strengthen your security posture.