By AMSAT Dec 09, 2023
Protecting Your Organization Against Business Email Compromise Attacks
Business Email Compromise (BEC) is a common type of cyberattack that targets businesses and individuals in order to have money transferred into accounts controlled by the attacker. A BEC attack typically impersonates a trusted or familiar individual, such as a senior employee, a contractor, or a partner, in order to dupe the victim into purchasing gift cards, redirecting tax refunds, or transferring funds or other valuables to the criminals behind the operation.
According to the FBI’s 2022 Internet Crime Report, annual losses from BEC attacks totaled $27.6 billion in 2022. In 2023, these attacks accounted for half of all cybercrime losses in the United States, making BEC the most dangerous cyberthreat for causing financial damage.
How To Prevent Business Email Compromise
Business email compromise (BEC) scams are a major threat to businesses, costing organizations millions of dollars each year. These scams involve attackers posing as trusted individuals, such as vendors or executives, to trick employees into making fraudulent payments or sending sensitive information.
Fortunately, there are several steps businesses can take to prevent BEC scams:
- Educate employees: Train employees to be aware of the red flags of BEC scams, such as urgent requests, unexpected changes in payment instructions, and discrepancies in email addresses. Employees should also be trained to verify the sender’s identity before taking any action.
- Implement multi-factor authentication (MFA): MFA adds an extra layer of security by requiring a second factor, such as a code sent to a phone, in addition to a password to log in to email accounts. This makes it much more difficult for attackers to gain access to email accounts.
- Use strong passwords: Strong passwords are essential for protecting email accounts. Passwords should be at least 12 characters long and include a mix of upper and lowercase letters, numbers, and symbols.
- Be cautious about clicking on links: Phishing emails often contain links that, when clicked, take the victim to a fake website that looks like the real website of the organization they are trying to impersonate. Once the victim enters their login credentials on the fake website, the attacker can steal them.
- Implement email authentication protocols: Email authentication protocols such as SPF, DKIM, and DMARC help prevent email spoofing, in which an attacker forges the sender address so that a message appears to come from someone else.
- Report suspicious emails: If you receive an email that you are unsure of, do not click on any links or attachments. Instead, report the email to your IT department.
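SPF and DMARC only stop spoofing when the published records are strict enough to be enforced. The following is an added example, not code from the original post: it parses a domain's SPF and DMARC TXT records and reports configurations that leave spoofed mail deliverable (a soft `~all` in SPF, `p=none` or a partial `pct=` in DMARC, no aggregate-report address). The records, domains and addresses are constructed for illustration; a real check would fetch them from DNS for `<domain>` and `_dmarc.<domain>`.

```python
"""Assess the strength of SPF and DMARC DNS TXT records.

Added example (not from the original post). The records below are constructed
for illustration; in practice they are fetched from DNS (TXT for <domain> and
_dmarc.<domain>). No network access is needed to run this.
"""
from dataclasses import dataclass


@dataclass
class Finding:
    record: str    # "SPF" or "DMARC"
    severity: str  # "high", "medium" or "low"
    message: str


def parse_tags(record: str) -> dict:
    """Split a 'k=v; k=v' DMARC record into a dict (keys lower-cased)."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    return tags


def check_spf(record: str) -> list:
    """Flag permissive SPF terminators; only the 'all' mechanism is examined."""
    findings = []
    terms = record.lower().split()
    if not terms or terms[0] != "v=spf1":
        return [Finding("SPF", "high", "no valid SPF record (missing v=spf1)")]
    all_terms = [t for t in terms[1:] if t.lstrip("+-~?") == "all"]
    if not all_terms:
        findings.append(Finding("SPF", "medium", "no 'all' mechanism: unlisted senders are treated as neutral"))
    else:
        qualifier = all_terms[-1][:-3] or "+"  # a bare 'all' means '+all'
        if qualifier == "+":
            findings.append(Finding("SPF", "high", "'+all' authorises every host on the internet to send as this domain"))
        elif qualifier in ("~", "?"):
            findings.append(Finding("SPF", "medium", f"'{qualifier}all' is soft; unauthorised senders are not rejected (use -all)"))
    return findings


def check_dmarc(record: str) -> list:
    """Flag DMARC settings under which spoofed mail is still delivered."""
    findings = []
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return [Finding("DMARC", "high", "no valid DMARC record (missing v=DMARC1)")]
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append(Finding("DMARC", "high", f"invalid or missing p= tag ({policy!r})"))
    elif policy == "none":
        findings.append(Finding("DMARC", "high", "p=none only monitors; spoofed mail is still delivered"))
    elif policy == "quarantine":
        findings.append(Finding("DMARC", "low", "p=quarantine: spoofed mail is junked rather than rejected"))
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        findings.append(Finding("DMARC", "medium", f"pct={pct}: policy applied to only part of the mail stream"))
    if "rua" not in tags:
        findings.append(Finding("DMARC", "low", "no rua= address: aggregate reports will not be received"))
    sp = tags.get("sp", policy).lower()  # subdomain policy defaults to p
    if sp == "none" and policy != "none":
        findings.append(Finding("DMARC", "medium", "sp=none leaves subdomains unprotected"))
    return findings


def assess(spf: str, dmarc: str) -> list:
    return check_spf(spf) + check_dmarc(dmarc)


# Constructed records: a monitoring-only setup beside an enforcing one.
WEAK_SPF = "v=spf1 include:mail.example.invalid ~all"
WEAK_DMARC = "v=DMARC1; p=none; pct=50"
STRONG_SPF = "v=spf1 include:mail.example.invalid -all"
STRONG_DMARC = ("v=DMARC1; p=reject; sp=reject; pct=100; "
                "rua=mailto:dmarc-reports@example.invalid; adkim=s; aspf=s")

if __name__ == "__main__":
    for label, spf, dmarc in (("weak", WEAK_SPF, WEAK_DMARC), ("hardened", STRONG_SPF, STRONG_DMARC)):
        print(f"--- {label} configuration ---")
        for f in assess(spf, dmarc) or [Finding("-", "info", "no findings")]:
            print(f"[{f.severity:6}] {f.record}: {f.message}")
```

Moving from `p=none` to `p=reject` should be done after reviewing the aggregate reports delivered to the `rua` address, so that legitimate third-party senders are added to SPF or signed with DKIM before enforcement starts.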
Business Email Compromise Statistics
Business email compromise (BEC) scams have become a major threat to organizations of all sizes, causing significant financial losses and reputational damage.
Here are some sobering statistics that illustrate the scope of the problem:
- $51 billion: Estimated global exposed losses due to BEC scams in 2023.
- $27.6 billion: Estimated losses reported to the FBI in 2022 alone.
- $250 to $984,855: Range of 95% of reported BEC losses.
- $80,000: Average loss per BEC incident.
- 21,832: Number of BEC complaints received by the FBI in 2022.
- 65% increase: Increase in identified global exposed losses from BEC fraud in 2022 compared to 2021.
- 99%: Percentage of reported threats related to BEC scams in 2023.
- 140 countries: Number of countries that have received fraudulent transfers through BEC scams.
How to Prevent BEC Attacks
Train Employees:
- Recognize signs of BEC attacks like urgency, pressure, and spoofed emails.
- Be suspicious of unexpected emails, especially those requesting financial information or payment changes.
- Verify sender identity before taking action.
- Participate in phishing simulations to test awareness.
Implement Technical Measures:
- Use email authentication protocols (SPF, DKIM, DMARC) to prevent spoofing.
- Employ a spam filter to block suspicious emails.
- Enforce multi-factor authentication for all email accounts.
- Update software and systems regularly to patch vulnerabilities.
Establish Security Policies:
- Develop clear policies and procedures for financial transactions and sensitive information.
- Require dual authorization for all financial transactions.
- Review and update security policies and procedures regularly.
Monitor and Detect:
- Monitor email accounts for anomalous activity.
- Use a security solution to detect and block BEC attacks.
- Have a plan for responding to and recovering from a BEC attack.
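The warning signs listed above (urgency, spoofed or look-alike sender addresses, unexpected payment requests) can be checked mechanically on inbound mail before a person ever reads it. The following is an added example, not code from the original post or a product of the author: it parses a raw message with Python's standard `email` module and flags the common BEC indicators for analyst triage. The organisation domain, the directory of known people, the keyword lists and both sample messages are constructed assumptions; the checks are heuristics that complement, not replace, SPF/DKIM/DMARC enforcement.

```python
"""Score inbound mail headers for common BEC red flags.

Added example (not from the original post). The organisation's domain, the
people directory and both messages below are constructed for illustration.
"""
from email import message_from_string
from email.utils import parseaddr

ORG_DOMAIN = "example-corp.invalid"                          # assumed protected domain
KNOWN_PEOPLE = {"jane doe": "jane.doe@example-corp.invalid"}  # assumed directory
URGENCY_WORDS = ("urgent", "immediately", "today", "asap", "confidential")
PAYMENT_WORDS = ("wire", "transfer", "payment", "invoice", "bank", "gift card")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(address: str) -> str:
    return address.rpartition("@")[2].lower()


def bec_flags(raw_message: str) -> list:
    """Return a list of human-readable red flags found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    flags = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))

    # 1. Display name matches a known colleague but the address does not.
    key = from_name.split(",")[0].strip().lower()
    known = KNOWN_PEOPLE.get(key)
    if known and from_addr.lower() != known:
        flags.append(f"display name '{from_name}' used with unknown address {from_addr}")

    # 2. Look-alike domain: a few edits away from ours, but not ours.
    if from_domain and from_domain != ORG_DOMAIN and edit_distance(from_domain, ORG_DOMAIN) <= 2:
        flags.append(f"look-alike sender domain {from_domain}")

    # 3. Replies are steered to a domain other than the visible sender's.
    if reply_addr and domain_of(reply_addr) != from_domain:
        flags.append(f"Reply-To domain {domain_of(reply_addr)} differs from From domain {from_domain}")

    # 4. The receiving server recorded an authentication failure.
    auth = msg.get("Authentication-Results", "").lower()
    for method in ("spf", "dkim", "dmarc"):
        if f"{method}=fail" in auth:
            flags.append(f"{method} failed at the receiving server")

    # 5. Urgency combined with a payment request.
    body = msg.get_payload() if not msg.is_multipart() else ""
    text = (msg.get("Subject", "") + " " + body).lower()
    if any(w in text for w in URGENCY_WORDS) and any(w in text for w in PAYMENT_WORDS):
        flags.append("urgent payment language")
    return flags


# Constructed sample: impersonation of a known executive from a look-alike domain.
SUSPICIOUS = """From: "Jane Doe, CFO" <jane.doe@examp1e-corp.invalid>
Reply-To: <jane.doe.cfo@mailbox-free.invalid>
To: accounts@example-corp.invalid
Subject: URGENT wire transfer before 5pm
Authentication-Results: mx.example-corp.invalid; spf=pass smtp.mailfrom=examp1e-corp.invalid; dmarc=fail header.from=examp1e-corp.invalid

Please process the attached invoice today and confirm by reply.
"""

# Constructed sample: ordinary internal mail that should raise nothing.
CLEAN = """From: "Jane Doe" <jane.doe@example-corp.invalid>
To: accounts@example-corp.invalid
Subject: Q4 budget review notes
Authentication-Results: mx.example-corp.invalid; spf=pass; dkim=pass; dmarc=pass

Notes from the meeting are attached.
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("clean", CLEAN)):
        print(f"--- {label} ---")
        for flag in bec_flags(raw) or ["no red flags"]:
            print(" *", flag)
```

Each flag maps to one of the training points in the lists above, so the same output can be shown to the recipient as an explanation of why a message was held, which reinforces the awareness training rather than replacing it.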
Conclusion
Protecting your organization from BEC attacks requires a layered approach. Combining vigilant employee training, strong technical controls, and clear channels for verifying requests builds a robust defense. By staying informed about the latest tactics, fostering a culture of healthy skepticism, and enforcing multi-factor authentication, you can significantly reduce your exposure to these sophisticated scams.