In a recent cybercrime report, the FBI revealed that over 300,000 companies filed complaints about business email compromise in 2017, and reported losses in the area of $1.4 billion. As criminals develop new techniques, the number of scams will only continue to fuel the rise of BEC scams.
To have a better understanding of how this might affect your business, here’s a quick look at what is BEC and the impact it has on business.
What Are Business Email Compromise Attacks?
A business email compromise (BEC) is a type of phishing attack in which the cybercriminal aims to steal the identity of a high-ranking executive employee and use it to defraud the company. An attacker can use the stolen information to deceive other employees, suppliers, business partners, banks, customers, or anyone else associated with the company into making solicited payments to the criminal’s account.
To achieve this, BEC attackers usually rely on spoofing techniques and social engineering. The attacker would typically go through the inbox or contact list and find suitable targets. Then, after impersonating the high-ranking executive, they would either look to cheat the victims out of their personal information or make requests for money transfers.
Because business email compromise is not limited only to one individual, but the entire network associated with the company, it has a severe negative impact on business.
What is the impact of Business Email Compromise Attacks?
1. Financial Loss
The first and most obvious impact of BEC is the economic threat to business. If the BEC attacker can gain entry to an executive’s email account, they have access to a whole host of sensitive company data.
From bank account numbers and passwords to pending invoices and customer information, they can use that data to request payments and money transfers to their account. That creates a significant financial loss, small-to-medium sized companies can rarely recover from.
2. Loss of Reputation
In case the attacker uses the information to target suppliers, partners or customers, a company is also at risk of tarnishing its reputation. Word can quickly spread that dealing with the company is a security risk. No one would want to do business with the attacked enterprise to protect their information.
3. Loss of Employee Trust
Reputation isn’t limited to external operations. Internally, a company might be at risk of losing some or all of its staff. Because that if it cannot protect the personal information of its employees, the business would also be unable to retain current staff or hire new staff.
And again, due to the financial losses, the company might also be forced to fire its employees to minimize overhead costs as it tries to regain the money it lost.