Simple Ways To Prevent Multimillion-Dollar Losses From BEC

Receiving an urgent email from a boss likely would cause employees sit up and take notice. This could be an opportunity to make a move and deliver results that advance their career, or it could be the chance to explain a massive mistake, so the person truly responsible is held accountable. An urgent email from the boss could be about any number of things, but most employees would never think about the possibility that it’s a crucial step in an ingenious scam that could cost the company millions of dollars.

Through hacking or deception, criminals gain access to corporate email accounts. Posing as high-ranking company executives, these cyber-criminals then send out emails trying to authorize the transfer of money for business purposes. In reality, they’re tricking employees into stealing corporate funds for them, and the losses can be devastating. Over more than a two-year period, the FBI has estimated more than $960 million was lost due to BEC scams. These BEC scams can strike any size business in any sector at any time. All it takes is a single gaffe by someone in the company to provide the opportunity these fraudsters need.

Although the threat of BEC may come as dire news for your business, there are some simple procedures management and IT professionals can take to avoid being victimized by these scams. For example, there should be some form of multi-factor or two-factor authentication required to authorize the transfer of funds. An email requesting the transfer of funds should always be accompanied by another form of verification — whether that’s a security question, PIN, or verified text message. Providing regular training for all financial professionals in the company is another important weapon in the fight against these types of cybercrimes. Awareness can ensure that employees are always vigilant against common BEC tricks and tactics.

For more info check out this guide stating simple ways to prevent multimillion-dollar losses from Business Email Compromise created by endpoint security company Halock Security Labs.