According to the FBI, CEO Fraud or Business Email Compromise (BEC) has impacted more than 22,000 companies.
The losses amount to over $3 billion.
From 2015 to 2017, the FBI said, BEC losses rose 1300%!
But most companies have done little or nothing to address it.
This BEC Prevention Guide will start you down the road to protecting your business from this epidemic.
What is BEC?
BEC is a wire transfer fraud perpetrated through social engineering or computer hacks.
The criminals use the information they gather to make unauthorized wire transfers.
Social engineering simply means fooling an authorized person into making the transfer to an unauthorized account, often in China or Hong Kong.
And here’s why it’s so urgent that your company deal with this issue now: once an unauthorized transfer is made and 24 hours pass, you’ll almost NEVER recover the money.
Your window of recovery is tiny.
And don’t think it’s only big companies that get hit. Small businesses are hit just as often, probably because criminals think they will be an easier mark.
How Do They Do It?
Usually, they send phishing emails. They pretend to be a reputable company representative. They blast out emails to many users and see if they can get them to respond with sensitive information. Sometimes they’ll even pretend to be the FBI or the IRS.
They figure if they send enough emails, SOMEONE will make a mistake and provide them with the information they need.
Another method is called “Whaling.” This is when, instead of sending emails to hundreds of users, they target executives or administrators.
Both types of emails employ psychological manipulation. And both can be very effective if your people are not trained to recognize them.
In 2016, the Verizon data breach investigation showed that 30% of the people who got the phishing messages opened them, and 12% opened the attachments.
Once these attachments are opened, they may release malware and spyware. And when that happens, the criminals can just hoover up all the sensitive data your network can deliver. Often for months.
And then they use all this data to launch a BEC attack by pretending to be one of your executives or financial personnel.
Are You at Risk?
While you may think you’re covered against fraudulent financial transactions by your insurance, that’s not true. BEC is considered an email fraud and not a financial instrument fraud.
Your insurer will treat it as internal negligence rather than a covered loss, and will not pay claims unless you have coverage specifically for data breach and cyber-crime.
Who Will They Target?
While mass phishing scams may target tens or even hundreds of your employees, those most at risk are…
It’s Not Just an IT Problem
Many C-levels feel that things like email security, viruses and malware are “beneath them,” literally and figuratively. “That’s a job for IT.”
Believe this at your own peril.
The FBI is warning corporations of the risk. It’s a growing problem. And it’s a C-level responsibility to ensure your organization is acting reasonably to prevent this crime.
Saying “That’s a job for IT” is not acting reasonably when it comes to BEC and can leave you wide open to lawsuits.
And remember, a BEC attack could…
These factors make BEC a C-Level responsibility.
Finally, IT alone will never be enough to prevent BEC. All the antivirus, email security programs and backup systems in the world won’t be enough if you don’t have a human firewall.
What’s a human firewall?
A human firewall is when your staff is so well trained against BEC that they do not fall prey to the psychological manipulation used by scammers.
This is the most important concept to address when it comes to preventing BEC. Criminals know that your PEOPLE are the easiest firewall to breach.
How to Prevent BEC
For any major financial transaction or wire transfer, require multiple authorizations. Then add a “wait period” before the transfer is processed.
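The two controls just described can be enforced in software rather than left to habit. The following is an added example, not code from the original guide or from Petronella Technology Group: a small approval workflow in which a wire request needs approval from a required number of distinct people (the requester may not approve their own transfer) and is released only after a wait period has elapsed since the final approval. The approver count, the 24-hour hold, and the sample request data are assumptions chosen for illustration.

```python
"""Added example (not from the original guide): dual authorization plus a
wait period for outgoing wire transfers."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumptions for the example: two distinct approvers and a 24-hour hold.
REQUIRED_APPROVALS = 2
WAIT_PERIOD = timedelta(hours=24)

# Constructed reference time so the scenario is deterministic.
SAMPLE_TIME = datetime(2024, 1, 15, 9, 0)


@dataclass
class WireRequest:
    request_id: str
    amount: float
    beneficiary_account: str
    requested_by: str
    created_at: datetime
    approvals: dict = field(default_factory=dict)  # approver -> time approved
    released: bool = False


def approve(req: WireRequest, approver: str, now: datetime) -> bool:
    """Record an approval. Returns False if this person already approved.
    The person who created the request may never approve it."""
    if approver == req.requested_by:
        raise PermissionError("requester may not approve their own transfer")
    if approver in req.approvals:
        return False
    req.approvals[approver] = now
    return True


def release_allowed(req: WireRequest, now: datetime):
    """Decide whether the transfer may be processed right now.
    Returns (allowed, reason)."""
    if req.released:
        return False, "already released"
    if len(req.approvals) < REQUIRED_APPROVALS:
        return False, "insufficient approvals"
    # The wait period starts when the LAST required approval was given, so a
    # late approver cannot shorten the hold.
    last_approval = max(req.approvals.values())
    if now - last_approval < WAIT_PERIOD:
        return False, "wait period not elapsed"
    return True, "ok"


def release(req: WireRequest, now: datetime):
    """Process the transfer if the controls are satisfied."""
    allowed, reason = release_allowed(req, now)
    if allowed:
        req.released = True
    return allowed, reason


def run_demo() -> dict:
    """Walk a constructed request through the workflow and report each stage."""
    req = WireRequest("W-0001", 48500.00, "ACCT-SAMPLE-1234", "alice", SAMPLE_TIME)
    results = {"before_approvals": release_allowed(req, SAMPLE_TIME)}
    approve(req, "bob", SAMPLE_TIME)
    results["one_approval"] = release_allowed(req, SAMPLE_TIME)
    approve(req, "carol", SAMPLE_TIME + WAIT_PERIOD / 24)  # one hour later
    results["during_hold"] = release_allowed(req, SAMPLE_TIME + WAIT_PERIOD / 2)
    results["after_hold"] = release(req, SAMPLE_TIME + WAIT_PERIOD * 2)
    results["released"] = req.released
    return results


if __name__ == "__main__":
    for stage, outcome in run_demo().items():
        print(f"{stage}: {outcome}")
```

The hold is measured from the final approval rather than from the request's creation, so the last person to approve cannot be rushed into releasing funds the same afternoon. In a real system the request record would also be stored outside the mailbox that an attacker may be reading.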
Examine the LinkedIn and Facebook accounts of these users to make sure no sensitive company data is displayed.
Set security policy, review it regularly for gaps, and insist upon adherence.
Include the following…
Conduct Simulated Phishing
Watch out for Warning Signs in Emails
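The guide's own list of warning signs is not reproduced on this page, but the attack it describes earlier (criminals pretending to be one of your executives) can be checked for mechanically. The following is an added example, not code from the original guide or from Petronella Technology Group: it parses a From: header and flags two signs, a display name that matches a known executive but an address that is not that executive's company address, and a sender domain that is a near-miss of the company's own domain. The company domain, the executive roster, the edit-distance threshold and the sample headers are all constructed assumptions.

```python
"""Added example (not from the original guide): flag From: headers that
impersonate a company executive or use a lookalike domain."""
from email.utils import parseaddr

# Assumptions for the example: the company's real domain and its executives.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {
    "jane doe": "jane.doe@example.com",   # CEO (constructed)
    "raj patel": "raj.patel@example.com", # CFO (constructed)
}
# Domains within this many single-character edits of the real one are suspicious.
LOOKALIKE_MAX_DISTANCE = 2


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete
                           cur[j - 1] + 1,         # insert
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def is_lookalike(domain: str) -> bool:
    """True when the domain is not the company domain but nearly spells it."""
    if domain == COMPANY_DOMAIN:
        return False
    return edit_distance(domain, COMPANY_DOMAIN) <= LOOKALIKE_MAX_DISTANCE


def check_from_header(from_header: str) -> list:
    """Return a list of warning strings for a raw From: header value."""
    name, addr = parseaddr(from_header)
    name = name.strip().lower()
    addr = addr.strip().lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    warnings = []
    if name in EXECUTIVES and addr != EXECUTIVES[name]:
        warnings.append("display name matches an executive but address is not theirs")
    if is_lookalike(domain):
        warnings.append("sender domain is a lookalike of the company domain")
    return warnings


# Constructed sample headers, the kind of thing a mail filter would see.
SAMPLE_HEADERS = [
    "Jane Doe <jane.doe@example.com>",     # genuine
    "Jane Doe <jane.doe@gmail.com>",       # executive name, outside address
    "Raj Patel <raj.patel@examp1e.com>",   # executive name, lookalike domain
    "Vendor Billing <ap@exarnple.com>",    # lookalike domain only
]


def scan_samples() -> dict:
    """Run the check over the constructed headers; header -> warnings."""
    return {h: check_from_header(h) for h in SAMPLE_HEADERS}


if __name__ == "__main__":
    for header, found in scan_samples().items():
        print(header, "->", found or "no warnings")
```

A match on either warning is a reason to verify a payment request by phone using a number already on file, which is the kind of out-of-band check the wait period above is meant to leave time for.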
What to Do When You Get Attacked
Call Petronella Technology Group, Inc. today at 877-468-2721 to learn how to protect your business before it’s too late!