Business Email Compromise: How to Protect Yourself from Cyber Fraud

According to the Data Breach Investigations Report, one in three cybersecurity breaches involves compromising a corporate email due to a phishing attempt. The statistics are troubling and make it imperative that companies focus on cybersecurity to protect their businesses and assets. Read on for more information on Business Email Compromise (BEC) and how it may affect you.

Understanding Business Email Compromise

Business Email Compromise is an online scam targeting organizations that perform transfers and have international suppliers. The email accounts of senior executives or of employees involved in finance and payments are compromised through phishing attacks and then used to make fraudulent transfers, which can result in losses of hundreds of thousands of dollars.

A phishing attack occurs when a scammer poses as a trusted institution and contacts you via email or social media platforms to obtain your personal information, credentials, credit card number, or bank account information. This social engineering scheme has evolved into a deadly weapon known as Business Email Compromise or Email Account Compromise (EAC).

Types of BEC scams

Subject lines in many business email compromise examples include words and phrases such as request, payment, transfer, and urgent. The FBI has identified five types of BEC scams:

Executive Fraud: Attackers impersonate the company’s CEO or another executive and send emails asking people to make transfers to an account the attackers control.

Fake Billing Scheme: Companies with international suppliers are regularly attacked with this strategy, in which attackers pretend to be suppliers and ask for money to be transferred to a fraudulent account.

Account Hacking: A hacker gains access to an executive’s or employee’s email account and uses it to send payment requests to vendors listed in the account’s email contacts. The money is subsequently transferred to fake bank accounts.

Data Theft: In this attack, staff members and accountants are targeted in order to obtain personally identifiable information (PII) or tax returns of employees and managers. This information can be exploited in future attacks.

Attorney Impersonation: Attackers pose as an attorney or a member of a law firm supposedly responsible for sensitive and confidential matters and demand unauthorized payments. These false requests are usually made by email or phone at the end of the business day.

Unlike traditional phishing or spam emails, BEC communications rarely contain clickable links or files for you to download. Because the messages carry no dangerous links or attachments, traditional solutions cannot detect these scams.

However, employee education and awareness can help companies detect this form of fraud. Furthermore, investing in cybersecurity services can help reduce risks and their consequences.

How does BEC work?

Scammers use a variety of tactics to send these emails as part of their identity fraud, including one or more of the following:

Domain spoofing: An attacker forges the display name and sender address of an email so that it appears to come from a trusted colleague or vendor.

Compromised Accounts: An attacker hacks an account, or otherwise obtains an employee’s username and password, and sends email from that account.
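
Because BEC messages carry no links or attachments, detection has to rely on the headers and wording instead. The sketch below is an added example, not code from the original article: it checks one message for the domain spoofing signs described above and for the subject keywords listed under "Types of BEC scams". The organization domain, executive name, and sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the organization's domain and its executives'
# display names. The keyword list is the one given in the article.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}
KEYWORDS = ("request", "payment", "transfer", "urgent")

def domain_of(header_value):
    """Return the lowercased domain of the address in a From/Reply-To header."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def bec_indicators(raw_message):
    """Return a list of header-based BEC warning signs for one message."""
    msg = message_from_string(raw_message)
    display, _ = parseaddr(msg.get("From", ""))
    from_dom = domain_of(msg.get("From"))
    findings = []
    # Display name of an executive on an address outside the organization.
    if display.strip().lower() in EXECUTIVES and from_dom != ORG_DOMAIN:
        findings.append("executive display name on external address")
    # Replies routed to a different domain than the visible sender.
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and reply_dom != from_dom:
        findings.append("Reply-To domain differs from From domain")
    # Sender domain failed DMARC according to the receiving mail server.
    if "dmarc=fail" in msg.get("Authentication-Results", "").lower():
        findings.append("DMARC failed for sender domain")
    # Pressure wording in the subject line.
    subject = msg.get("Subject", "").lower()
    hits = [k for k in KEYWORDS if k in subject]
    if hits:
        findings.append("subject keywords: " + ", ".join(hits))
    return findings

# Constructed sample message (not real traffic).
SAMPLE = """\
From: Jane Doe <jane.doe@examp1e-mail.test>
Reply-To: accounts@payments-desk.test
To: finance@example.com
Subject: Urgent payment request
Authentication-Results: mx.example.com; dmarc=fail header.from=examp1e-mail.test

Please handle this today and keep it confidential.
"""

if __name__ == "__main__":
    for finding in bec_indicators(SAMPLE):
        print(finding)
```

A message sent from a genuinely compromised account passes the three header checks, since its headers are authentic; only the wording check can still fire.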