Business email compromise, otherwise known as CEO fraud or BEC, is a scam that uses a variety of techniques to trick someone in your organization into sending highly sensitive info or wiring money to an unauthorized account, often leading to hundreds of thousands of dollars in financial losses. Yeah, pretty scary, right? This is a very real risk for many in the working world, and most CEOs are not aware of the many ways it can happen.
So, how does it happen?
Like so many attacks, BEC typically begins with phishing campaigns and data mining. Criminals will often spend weeks or months researching their targets and then use that intel as leverage to gain their targets’ trust.
How does it work?
With enough info, the attackers compromise or spoof the email addresses of high-level employees and then use those accounts to send emails requesting wire transfers of money. Since the recipient of the request believes it comes from their boss, they are more likely to comply.
What can you do to prevent it?
First and foremost, train your employees to stay alert for these types of attacks. Even a simple character change in an email address could be enough to convince a busy worker to comply with a request. Encourage them to treat all requests with a high degree of skepticism. Next, adopt the “four-eyes principle”, which requires at least two people to approve certain transactions. This may cause a delay, but it’s better than the alternative.
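As an added example (not code from the original article), here is a small Python check for the "simple character change" case described above: it compares the domain of a From: address against the organization's trusted domains, folding common look-alike characters and allowing a single-character edit, and labels the message so a mail filter or the second approver under the four-eyes principle knows to look closer. The trusted domains and the sample addresses are constructed values.

```python
import re
from email.utils import parseaddr

# Domains the organization legitimately sends from (constructed sample values).
TRUSTED_DOMAINS = {"example.com", "example-corp.com"}

# Character sequences a busy reader confuses with the letter they imitate.
# Both the sender's domain and the trusted domain are folded with this table
# before comparing, so the table only needs to cover the common substitutions.
HOMOGLYPHS = {"rn": "m", "vv": "w", "cl": "d", "0": "o", "1": "l", "i": "l"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance: single-character insertions, deletions and
    substitutions needed to turn a into b (examples.com vs example.com = 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def fold_homoglyphs(domain: str) -> str:
    """Rewrite confusable sequences to the character they imitate, so that
    exarnple.com and examp1e.com both become example.com."""
    out = domain.lower()
    for fake, real in HOMOGLYPHS.items():
        out = out.replace(fake, real)
    return out


def classify_sender(header_value: str) -> str:
    """Classify a From: header as trusted, lookalike, external or invalid.
    The display name is ignored on purpose: 'CEO <x@gmail.com>' is judged
    on x@gmail.com, which is where the deception actually lives."""
    _, address = parseaddr(header_value)
    m = re.fullmatch(r"[^@\s]+@([^@\s]+\.[^@\s]+)", address.lower())
    if not m:
        return "invalid"
    domain = m.group(1)
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    folded = fold_homoglyphs(domain)
    for trusted in TRUSTED_DOMAINS:
        # Distance 0 after folding = homoglyph swap; distance 1 = one character
        # added, dropped or changed, the case the article warns about.
        if levenshtein(folded, fold_homoglyphs(trusted)) <= 1:
            return "lookalike"
    return "external"
```

A "lookalike" result is a strong signal on its own; a plain "external" sender asking for a wire transfer still deserves the second approver.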
Finally, anyone with high-level access should remain acutely aware of whale phishing campaigns, and be especially cautious with what info they share on social media and other public forums. Attackers use social media to gain info about their targets and leverage that info as part of phishing campaigns.
Want to learn how to prepare yourself against a cyber attack? Read our article "5 Ways to Prepare For, Respond To, and Recover From a Cyber Attack."