The dangers of business email compromise with examples
Business Email Compromise (BEC) is a growing threat to businesses of all sizes. BEC scams involve criminals posing as legitimate business partners or executives in order to steal sensitive information or money. These scams can be incredibly sophisticated and often target the finance and accounting departments of a business.
One of the most common types of BEC scams is the "fake invoice" scam. In this scam, criminals send an email to the accounting department of a business, posing as a legitimate vendor and requesting payment for an invoice. The email may include a fake invoice attached to the email, and often includes a sense of urgency to make the payment. The payment is then made to the criminal's account, rather than the legitimate vendor.
Another common type of BEC scam is the "fake CEO" scam. In this scam, criminals will send an email to an employee, posing as the CEO or other high-level executive, and requesting sensitive information or money. The email will often include the executive's name and email address, making it appear legitimate.
Examples of BEC emails can be:
An email from a fake vendor requesting payment for an invoice.
An email from a fake CEO requesting sensitive information or money.
An email from a fake legal representative requesting payment for legal services.
Figure: An outline of how the business email compromise is executed by some organized crime groups. Source: fbi.gov
To protect your business from BEC scams, it is important to implement a number of security measures. Here are a few recommendations:
Educate employees: Make sure employees are aware of the risks of BEC scams and how to spot them.
Implement two-factor authentication: Use two-factor authentication for all email and financial transactions to add an extra layer of security.
Verify requests for sensitive information: Always verify requests for sensitive information or money, even if they appear to be from a legitimate source.
Use anti-phishing software: Use anti-phishing software to detect and block phishing emails.
Regularly review financial transactions: Regularly review financial transactions to detect any suspicious or fraudulent activity.
Carefully examine the sending address before taking any action on any email. Scammers often use “impersonation domains” that look similar to the official domain. For example: john.smith@examp1ecompany.com vs. john.kelly@examplecompany.com (the “L” in example could be a 1, an uppercase i, or an L).
In conclusion, Business Email Compromise (BEC) is a growing threat to businesses of all sizes. It is important for businesses to be aware of the dangers of BEC and to implement security measures to protect themselves. By educating employees, implementing two-factor authentication, verifying requests for sensitive information, using anti-phishing software, and regularly reviewing financial transactions, businesses can reduce the risk of falling victim to a BEC scam.