Business Email Compromise (BEC) is a type of cybercrime that is quickly becoming one of the top security threats for businesses of all sizes. According to the FBI, BEC scams resulted in over $1.7 billion in losses in 2019 alone. In this article, we'll take a closer look at what BEC is, how it works, and what businesses can do to protect themselves from this growing threat.

What is Business Email Compromise?

Business Email Compromise, also known as CEO fraud or whaling, is a type of scam that targets businesses that conduct wire transfers or have access to sensitive financial information. The scam typically begins with a cybercriminal sending a spoofed email that appears to be from a high-level executive at the company, such as the CEO or CFO. The email will often request that a wire transfer be made to a bank account controlled by the cybercriminal, under the guise of a legitimate business transaction.

How Does Business Email Compromise Work?

BEC scams are often sophisticated and well-planned. Cybercriminals will often spend weeks or months researching the targeted company, gathering information about key executives and their communication patterns. They may also use social engineering tactics, such as creating fake login pages or sending phishing emails, to gain access to email accounts or other sensitive information.

Once the cybercriminal has gained access to a legitimate email account, they can use it to send emails that appear to be from the executive. They may use language and terminology that the executive commonly uses, making the email seem more authentic. In some cases, they may even use a spoofed email address that is nearly identical to the executive's real email address, such as changing "o" to "0" or "i" to "l".

Real World Examples

One of the most high-profile examples of a BEC scam occurred in 2016, when a Lithuanian man was arrested for allegedly stealing over $100 million from two US tech companies. The man was accused of using phishing emails and fake invoices to trick the companies into wiring money to bank accounts he controlled. The scam reportedly involved dozens of people, including co-conspirators in the US and Malaysia.

In another example, a small business owner in the UK lost over £10,000 to a BEC scam. The owner received an email that appeared to be from their accountant, requesting payment for a recent invoice. The owner wired the money to the account provided in the email, only to later discover that the email had been spoofed and the money had been sent to a cybercriminal.

How to Protect Your Business?

To protect your business from BEC scams, it's important to take a multi-layered approach to cybersecurity. This includes:

• Educating employees about the risks of BEC and other types of cybercrime
• Implementing two-factor authentication and other security measures to protect email accounts and other sensitive information
• Conducting regular security audits and vulnerability assessments
• Monitoring financial accounts for suspicious activity
• Establishing clear procedures for wire transfers and other financial transactions, including requiring multiple approvals and verifying the authenticity of requests

By taking these steps, businesses can certainly reduce their risk of falling victim to a BEC scam and other types of cybercrime. However, it's important to remember that cybercriminals are constantly finding new ways to exploit vulnerabilities and gain access to sensitive information. That's why it's crucial to partner with a reliable cybersecurity provider like Cybergen that offers comprehensive solutions to protect your business from sophisticated threats like BEC. With Cybergen's advanced security measures and expert guidance, you can rest assured that your business is safeguarded against the latest cyber threats.