According to the FBI, hackers used business email compromise (BEC) scams to defraud companies of over $12.5 billion between 2013 and 2018. IT services experts in West Palm Beach recommend that companies learn how this type of scam works and how to avoid falling victim to it.
How Does a BEC Scam Work?
HR receives an email that seems to come from an employee requesting to change the bank account where her paycheck gets deposited. It's a common request and HR processes the request as usual. Next payday, the employee comes in asking where her direct deposit was.
Come to find out, the email hadn't come from her. It had come from a hacker. Her paycheck had been diverted to an account controlled by the hacker.
This is a common example of a business email compromise scam. A hacker poses as someone inside the company making a legitimate business request. The person receiving the email doesn't see anything odd and processes the request. By the time the deception is discovered, the damage is done.
Other common BEC scams include:
- An email to accounting requests a wire transfer for a particular business purpose.
- An email to payroll requests an updated list of employees with their social security numbers, addresses, and current salaries.
- An email to accounts payable requests an immediate payment for a specific invoice.
How to Avoid BEC Scams
The good news, according to IT services experts in West Palm Beach, is that there are straightforward ways to reduce the chances of a BEC scam succeeding.
- Have a set protocol in place for making common requests such as changing a direct deposit account or requesting a wire transfer. The protocol can include in-person verification, using specific forms, and/or two-party authorization. The protocol should not allow anyone to bypass the requirements, including executives.
- Require all employees to go through training on how to spot phishing emails of all sorts, including BEC scams. Common signs of a phishing scam include incorrect email addresses, poor spelling or grammar, and unnecessary urgency. The person receiving the phishing email is the main line of defense against such scams.
- Have policies in place on how to handle BEC emails. If an employee suspects an email is a scam, the policy gives directions on how to proceed.
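Two of the signs listed above, an incorrect sender address and unnecessary urgency, can also be checked automatically before a request reaches HR or accounting. The sketch below is an added example, not part of the original article; the company domain `example.com`, the staff directory, the urgency word list, the 0.8 similarity threshold and both sample messages are constructed assumptions.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for illustration: company domain, staff directory, urgency words.
COMPANY_DOMAIN = "example.com"
DIRECTORY = {"jane doe": "jane.doe@example.com"}  # display name -> address on file
URGENCY = re.compile(r"\b(urgent|immediately|asap|right away|today)\b")


def bec_signs(raw_message: str) -> list[str]:
    """Return the warning signs found in one plain-text (non-multipart) email."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    signs = []
    # Sign 1: the name is an employee's, but the address is not the one on file.
    on_file = DIRECTORY.get(name.strip().lower())
    if on_file and addr != on_file:
        signs.append("address does not match employee on file")

    # Sign 2: the domain is not ours but looks almost like it (e.g. "l" -> "1").
    similarity = difflib.SequenceMatcher(None, domain, COMPANY_DOMAIN).ratio()
    if domain != COMPANY_DOMAIN and similarity >= 0.8:
        signs.append("lookalike sender domain")

    # Sign 3: pressure to act quickly, in the subject or the body.
    text = f"{msg.get('Subject', '')} {msg.get_payload()}".lower()
    if URGENCY.search(text):
        signs.append("urgent wording")
    return signs


# Constructed sample messages modelled on the direct-deposit scenario above.
SPOOFED = (
    "From: Jane Doe <jane.doe@examp1e.com>\n"
    "Subject: Direct deposit change\n\n"
    "Please switch my paycheck to the new account immediately.\n"
)
GENUINE = (
    "From: Jane Doe <jane.doe@example.com>\n"
    "Subject: Direct deposit change\n\n"
    "I handed the signed bank change form to HR in person.\n"
)

if __name__ == "__main__":
    print(bec_signs(SPOOFED), bec_signs(GENUINE))
```

A flagged message is a reason to send the request through the verification protocol, not proof of fraud, and a clean result does not replace that protocol.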
BEC scams are another form of cyber attack that your company needs to take steps to prevent. If you need assistance with your cybersecurity, contact us at Nexxen Technologies. We are the experts on cybersecurity and IT services in West Palm Beach.