Just how aware are we all of how easy it is to compromise our whole business with just one click of the mouse?
Phishing emails have evolved since the first recorded use of the term in 1996, and we’ve evolved to spot some of them: African princes who have a fortune they need your help to wire overseas, long-lost relatives in dire financial crisis, dating scams and requests for money for medical emergencies. We’re more savvy these days about these spoof financial requests.
But the scammers are evolving faster, and one of the greatest risks today is what is now known as business email compromise (BEC), where senior executives are tricked into transferring funds or divulging sensitive information.
BEC criminals undertake a lot of research to find the right person to target within an organisation, their chain of command and even the best time to send an email. BEC is more a social engineering attack than an attack on security systems.
We have seen many examples of senior employees receiving an email purporting to come from their boss asking them to transfer funds for an “urgent” deal. Carrying out the fraudulent instructions can lead to large losses as well as a breakdown in relationships between employees and senior managers.
The use of emotive language from the supposed ‘boss’ can be convincing and this emulation of a CEO’s style can be at the heart of a scam like this.
Taking the time to research individuals using work websites and personal emails gives the fraudsters valuable information, so we should all review our privacy settings to restrict what can be seen about us as individuals. This also applies to things our friends and family say about us.
If something appears suspicious then it should be flagged as junk or spam and your IT team should be informed. If you do click on something suspicious, then the earlier you tell your IT department or firm the better.
However, it can be hard to spot what is suspicious. Some red flags include:
Having the confidence to ask ‘Is this genuine?’ can go a long way to preventing BEC attacks.
Take the time to read this excellent guide to BEC from the National Cyber Security Centre.