Business Email Compromise (BEC), also known as whaling and CEO fraud, is an elaborate email scam in which fraudsters use social engineering tactics to prey on businesses and senior company executives. It is currently one of the most severe threats to corporate email security in the US.
In 2017, an official FBI public announcement indicated that over 40,000 businesses experienced BEC attacks and reported a combined loss of $5.3 billion. The figure is estimated to rise to $9 billion in 2018.
With so much risk to financial security, business enterprises of all sizes need to prevent BEC. It is vital to understand the dangers involved and protect the assets of your organization by implementing proven BEC security policies and a Mail Protection Service (MPS) for enterprises.
Don’t Use Free Email Accounts
Email accounts on free platforms like Gmail and Yahoo are most susceptible to BEC scams because of their weaker security policies. Instead, register a company domain and use it to create all the email accounts the company needs. Domain authentication technologies can then be used to prevent unauthorized emails from deceiving your employees.
Popular email platforms can still be used to view emails, but the main security protocols should come from the primary domain.
Delete Suspicious Emails
Business email compromise relies heavily on social engineering to make a message seem genuine and appear to arrive from a reliable source. When you receive a supposedly legitimate payment request from an executive, open a similar email and compare the email address, the content of the email, the email signature and other unique items in the communication. If the information doesn’t match, delete the email.
A request to click a link and make the payment through a suspicious online source is another sign that the email might be a BEC scam. Don’t click it. The link might take you to an unsecured website or launch ransomware, one of the top five threats to email security at large enterprises.
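As an added example (not part of the original article and not AnubisNetworks' software), the sender checks described above can be automated in Python. The executive directory, addresses and sample messages are constructed, and the Authentication-Results header is assumed to be added by your receiving mail server.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed directory of genuine executive addresses (assumption).
KNOWN_EXECUTIVES = {"jane doe": "jane.doe@example.com"}

def domain_of(address):
    return address.rpartition("@")[2].lower()

def bec_warnings(raw_message):
    """Return the reasons the sender of raw_message looks impersonated."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    warnings = []
    # Display name of a known executive, but a different mailbox behind it.
    expected = KNOWN_EXECUTIVES.get(" ".join(name.lower().split()))
    if expected and addr != expected:
        warnings.append("executive name with unexpected address " + addr)
    # Replies would go to a different domain than the visible sender.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != domain_of(addr):
        warnings.append("Reply-To domain differs from From domain")
    # Domain authentication verdicts recorded by the receiving server.
    results = msg.get("Authentication-Results", "")
    for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results.lower()):
        if verdict == "fail":
            warnings.append(method + " check failed")
    return warnings

# Constructed sample messages.
SPOOFED = """\
From: Jane Doe <jane.doe@examp1e-mail.test>
Reply-To: payments@other.test
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=examp1e-mail.test; dmarc=fail header.from=examp1e-mail.test
Subject: Urgent wire transfer

Please wire the funds today.
"""
GENUINE = """\
From: Jane Doe <jane.doe@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dmarc=pass header.from=example.com
Subject: Q3 budget

See attached.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, bec_warnings(raw))
```

A message that raises any warning should go through the out-of-band confirmation described in the next section before any payment is made.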
Use Two-Step Verification
Business email compromise combines W-2 theft and wire fraud when targeting businesses. Two-step verification helps companies counter this type of financial fraud through a company-wide policy of approving transactions before funds are transferred.
For example, if a BEC email impersonates the CEO, forward the email to the CFO or make a phone call to confirm the money can be wired to the requested account. If the request is denied, it’s a clear sign of a BEC scam.
Use Two-Factor Authentication
Implementing two-factor authentication for email accounts is another way to increase security and prevent whaling scams. A scammer is less likely to gain access to this type of information because it is specific to the owner of the account. If it’s a joint company account, the authentication should be shared only among a select few executives.
Password protection and a unique dynamic PIN, code or a security question all increase the difficulty of accessing critical accounts.
Use Advanced Security Software
AnubisNetworks is focused on stopping Business Email Compromise (BEC) and other forms of cyber attacks. Our advanced email security software provides a business solution that relies on global infrastructure for real-time threat detection and prevention.
If you are interested in raising your security with Mail Protection Service, schedule a demo today. Discover how you can increase the level of email safety at your company.
Author: Carla Barata
Marketing Manager at AnubisNetworks. Carla has extensive experience in marketing, public relations, social media and events in the IT sector. But most importantly, she is an evangelist of Email Security solutions at AnubisNetworks. She likes "bringing the good news" and helping companies stay safe against the most recent and advanced cyber threats.