Business Email Compromise (BEC) scams have become prevalent in recent years, with cybercriminals targeting individuals and organizations of all sizes. According to the 2022 Internet Crime Report by the FBI’s Internet Crime Complaint Center (IC3), they received nearly two million complaints in 2022, a 16% increase from the previous year.
The reported losses totaled over $8 billion, with the most significant loss attributed to BEC scams.
In light of these alarming statistics, it’s now crucial for businesses to be proactive in safeguarding their email communications from BEC scams.
At Intelligent Technical Solutions (ITS), we’ve been helping hundreds of businesses strengthen their cybersecurity measures by setting up suitable solutions and providing helpful guides. In this article, we sat down with Ryan McBride, a cybersecurity expert from Field Effect, to answer the following questions:
- What are the tips to prevent BEC scams?
- What should you do after a BEC attack?
After reading, you can help protect your business against this growing threat and avoid falling victim to costly and damaging BEC scams.
1. Educate employees about BEC attacks.
One of the most critical steps in preventing BEC attacks is to educate employees about the risks and consequences of such attacks. Train them to recognize phishing emails, fake domains, and other social engineering tactics attackers use.
They should also be aware of the company's policies regarding email communication and the procedures for verifying requests for money transfers or sensitive information.
“The main focus of security awareness training is to help people familiarize themselves with suspicious communications [that intend to take] their passwords. So, the best thing to do as an individual is to familiarize yourself with what phishing scams or different types of scams look like so that you’re better prepared if you receive one,” McBride says.
The training should be ongoing and periodically updated to reflect new attack techniques.
2. Implement Multi-factor Authentication (MFA).
Using MFA adds an extra layer of security to email accounts, making it more difficult for attackers to gain unauthorized access.
This means that even if a malicious actor obtains a user's password through phishing, social engineering, or other means, they will still need the secondary authentication factor to breach the account successfully. Common secondary factors include:
- Something you know (like a PIN)
- Something you have (such as a security token)
- Something you are (biometrics data like fingerprints or facial recognition)
This added security is especially crucial for sensitive email accounts, which often contain confidential information, personal data, or access to other critical online services, making them attractive targets for cybercriminals.
3. Use email filters and anti-virus software.
Email filters and anti-virus software can help detect and block malicious emails before they reach the user's inbox.
These tools can identify suspicious links, attachments, and email addresses and quarantine them for further analysis. They help reduce the risk of employees accidentally clicking on a malicious link or downloading a malware-infected attachment.
4. Establish strict approval procedures for financial transactions.
BEC attacks typically involve requests for money transfers or other financial transactions.
Implementing strict approval procedures for all financial transactions would be best to prevent such attacks. This includes verifying the requestor's identity and confirming the request's validity through multiple channels such as phone, email, and, most especially, in-person.
You should also limit the number of employees with the authority to initiate financial transactions and monitor their activities closely.
5. Monitor email traffic and usage.
Monitoring email traffic and usage can help identify unusual patterns or behaviors indicating a BEC attack. Check on emails that are:
- From unfamiliar sender or recipient addresses,
- Sent outside of normal business hours, and
- Containing suspicious content or requests.
You should also monitor email accounts for unauthorized access or changes to account settings.
6. Adopt a strong password policy.
Businesses should implement a strong password policy that requires employees to use and change complex passwords periodically. It should combine upper- and lower-case letters, numbers, and symbols.
In addition, you should enforce password expiration and lockout policies to prevent unauthorized access to email accounts.
Related: How to Make Strong Passwords: 8 Tips for 2023
7. Regularly backup data and maintain a disaster recovery plan.
Finally, regularly back up your data and. maintain a disaster recovery plan to ensure business continuity during a BEC attack.
Regular backups can help restore data and minimize downtime during a ransomware attack or data loss. A disaster recovery plan should include the following:
- Procedures for restoring email systems
- Notifying employees and stakeholders
- Assessing the extent of the damage
What should you do after a BEC attack?
If you’ve experienced any breach or an incident related to losing your credentials, all impacted users should reset their passwords first and foremost.
After that, you need to validate if the user has:
- Clicked any links,
- Gave up personal or company information, or
- Opened any attachments.
Look into any other suspicious behavior. Investigate any strange inbox rules created in the user's account by looking at user actions and any changes in the system.
You may ask questions like, “Did it have any new inbox rules created or forwarding rules?” and “Is there anything weird that was not there before?”
And then, eliminate those things, reset passwords, and enable multi-factor authentication (MFA) to prevent future attacks.3
Need help with BEC scam prevention?
Following these tips can reduce the risk of falling victim to a BEC attack and protect your sensitive information and financial assets. And it requires:
- A proactive and ongoing effort that involves educating employees,
- Implementing security measures,
- Monitoring email traffic and usage, and
- Maintaining a disaster recovery plan.
Furthermore, your organization should stay updated with the latest security threats and technologies to ensure effective email security measures.
You should also seek assistance from IT security experts such as ITS to conduct security assessments and provide recommendations for improving your security posture.
At ITS, we provide businesses with advanced cybersecurity solutions that can help protect against security incidents and data breaches. If you want to learn more about security breaches and how you can help your business avoid them, check out these references:
- Data Breaches: A Definitive Guide for Business Owners
- 3 Types of Cybersecurity Solutions Your Business Must Have
- 20 Best Security Providers for Business Email Compromise in 2023
You may also reach out to us directly by scheduling a one-on-one meeting with one of our security experts.