Are your users aware of the risk of Business Email Compromise?

Oct 29, 2019
Author: Hawsons
Business Email Compromise
Business email compromise cyber-attacks are very low tech which means they are common and you need to be aware of them. The attacker will be using social engineering more than hacking itself.

The way it works is the cyber-criminal will spoof or even gain access to a corporate email account and make a fake email address that is exactly the same as somebody high up in the company. This is so they will be able to defraud the company, employees, customers, or executives of money.

There are many ways in which BEC can target and defraud you:

  • The attacker can pretend to be a CEO or a partner and request an employee to make an emergency payment into a fraudster’s account.
  • Sometimes they will purport to be a supplier requesting a change in payee information, which would actually transfer money into a perpetrator’s account.
  • A lawyer’s email address is sometimes used to pressurise for a payment.

These scams have resulted in worldwide losses of at least $26bn since 2016 according to the FBI in the United States. There are many measures and procedures that can be put in place to prevent Business email compromise. These include, taking care before clicking on any email links or attachments, employee education and training and changing processes to require phone verification of payment changes and having secondary sign offs.

Ryan Kalember, executive vice-president of cyber-security strategy at Proofpoint, said: “Business Email Compromise (BEC) is the most expensive problem in all of cyber-security. There is not a single other form of cyber-crime that has the same degree of scope in terms of money lost.”

How can we help?

At Hawsons we have a dedicated team who provide IT services and cyber security advice in Sheffield, Doncaster, and Northampton. If your organisation handles personal and confidential data and you need help with cyber security compliance then Hawsons can help you. We help organisations with data protection and cyber compliance, protecting their data.

If you would like to book your free first initial meeting with us click here.

If you would like to find out more information about our IT and Cyber security services click here.

Free initial meeting

Charles Kavazy, Director of IT Services

Charles Kavazy

Director of IT Services

0114 266 7141