According to the FBI, CEO Fraud or Business Email Compromise (BEC) has impacted more than 22,000 companies.

The losses amount to over $3 billion.

From 2015 to 2017 the FBI said BEC the losses rose 1300%!

But most companies have done little or nothing to address it.

This BEC Prevention Guide will start you down the road to protecting your business from this epidemic.

What is BEC?

BEC is a wire transfer fraud perpetrated through social engineering or computer hacks.

The criminals use the information gather to make unauthorized wire transfers.

Social engineering simply means fooling an authorized person to make the transfer into an unauthorized account, often in China and Hong Kong.

And here’s why it’s so urgent that your company deal with this issue now: After an unauthorized transfer is made, and 24 hours passes, you’ll almost NEVER recover the money.

Your window of recovery is tiny.

And don’t think it’s only big companies that get hit. Small businesses are hit just as often probably because criminals think they will be an easier mark.

How Do They Do It?

Usually, they send phishing emails. They pretend to be a reputable company representative. They blast out emails to many users and see if they can get them to respond with sensitive information. Sometimes they’ll even pretend to be the FBI or the IRS.

They figure if they send enough emails, SOMEONE will make a mistake and provide them with the information they need.

Another method is called “Whaling.” This is when, instead of sending emails to hundreds of users, they target executives or administrators.

Both types of emails employ psychological manipulation. And both can be very effective if your people are not trained to recognize them.

In 2016 the investigation into the Verizon data breach, showed that 30% of the people who got the phishing messages opened them. 12% opened attachments.

Once these attachments are opened, they may release malware and spyware. And when that happens, the criminals can just hoover up all the sensitive data your network can deliver. Often for months.

And then they use all this data to launch a BEC attack by pretending to be one of your executives or financial personnel.

Are You at Risk?

While you may think you’re covered against fraudulent financial transactions by your insurance, that’s not true. BEC is considered an email fraud and not a financial instrument fraud.

Your insurance will consider it internal negligence not a problem, and they will not pay claims unless you have coverage specifically for data breach and cyber-crime.

Who Will They Target?

While mass phishing scams may target tens or even hundreds of your employees, those most at risk are…

It’s Not Just an IT Problem

Many C-levels feel that things like email security, virus and malware are ‘beneath them” literally and figuratively. “That’s a job for IT.”

Believe this at your own peril.

The FBI is warning corporations of the risk. It’s a growing problem. And it’s a C-level responsibility to insure your organization is acting reasonably to prevent this crime.

Saying “That’s a job for IT” is not acting reasonably when it comes to BEC and can leave you wide open to lawsuits.

And remember, a BEC attack could…

These factors make BEC a C-Level responsibility.

Finally, IT will never be enough to prevent BEC. All the antivirus, email security programs and backup systems won’t be enough if you don’t have a human firewall.

What’s a human firewall?

A human firewall is when your staff is so well trained against BEC that they do not fall prey to the psychological manipulation used by scammers.

This is the most important concept to address when it comes to preventing BEC. Criminals know that your PEOPLE are the easiest firewall to breach.

How to Prevent BEC

  1. Identify High-Risk Staff and insist on more safeguards for them.

For any major financial transactions or wire transfers, require multiple authorizations. And then add a “wait period” before the transfer is processed.

Examine the LinkedIn and Facebook accounts of these users to make sure no sensitive company data is displayed.

  1. Install technological safeguards.
  1. Beef up Policy

Set security policy, review it regularly for gaps, and insist upon adherence.

Include the following…

  1. Write Procedures for…

Cyber-Risk Planning


Conduct Simulated Phishing

Watch out for Warning Signs in Emails

What to Do When You Get Attacked

Call Petronella Technology Group, Inc. today at 877-468-2721 to learn how to protect your business before it’s too late!

Schedule an Appointment

Schedule an Appointment

    Our clients are awesome!

    Based on 55 reviews
    Jeremy Richards
    Jeremy Richards
    Petronella provides great advanced digital marketing and automation solutions for my business!
    Kate Swenson
    Kate Swenson
    Highly recommended for CMMC certification assistance! Excellent and affordable options for secure data hosting on local infrastructure. 5 stars!
    Tom Matzen
    Tom Matzen
    Petronella Technology Group helped us setup our sales and marketing automation, cybersecurity and compliance for our new Blockchain startup. Great to work with! Craig in particular really knows his stuff, can translate into non-tech speak, and has wisdom beyond his years. Highly recommend them.
    Justin Summers
    Justin Summers
    Craig is awesome! He is very professional and efficient with his work. I would definitely recommend Petronella Technology to anyone who needs state of the art service.
    Blake Rea
    Blake Rea
    Craig is an expert in his field. Impressed by his knowledge, A true pioneer in Cybersecurity. My business is safer thanks to Petronella Tech!
    Robert Friedman
    Robert Friedman
    For the last five years Craig has been the Contributing Editor for Cybersecurity for NC Triangle Attorney Law Magazine which I publish. His base of knowledge is always leading edge, pragmatic and early to understand for our readers who are not techies. He is patient and easy to work with.
    Tammy Everett
    Tammy Everett
    Craig Petronella, CEO of Petronella Technology Group provided the members of the Defense Alliance of North Carolina expert advice on cybersecurity and NIST compliance. Eye opening experience! Thanks so much!
    Julie Brown
    Julie Brown
    Craig and the Petronella Technology Group, Inc. team made HIPAA compliance for my small practice so simple and easy! They helped me with all of my HIPAA training, HIPAA Security Risk Assessment, Penetration Test, and HIPAA secure hosting so I can rest easy.
    Pivot Point
    Pivot Point
    Petronella Technology Group helped us with our marketing strategy for our new web startup. Awesome experience!!!!