Cybersecurity in the corporate space has become a social media talking point, bringing much-needed awareness to business security strategy. So what was the subject in question? Business email compromise scams.
It can cost you billions!
Business email compromise (BEC) is a scam where an attacker aims to defraud businesses. They typically target companies that have suppliers abroad through spoofing, phishing, and wire transfer fraud. It’s a fraud on a colossal scale where the attacker’s goal is to score a huge payday and cash out quickly using money-laundering schemes.
Social engineering is the foundation of this fraud: it exploits the victim’s routine, trust, and confidence. BEC scams come in several forms, and together they let fraudsters extract large sums from a great many unfortunate companies.
How did it come to the limelight?
A social media influencer called Hushpuppi was living a lavish lifestyle, and his millions of followers could not miss how expensive his taste was. Although questions began to emerge about the source of his wealth, his followers wanted what he had. They wanted the key to success so they could live large too!
However, there were rumours that he was involved in cybercrime. Subsequent investigations uncovered a deep international web of business email compromise scams and money laundering, of which he was an integral part.
Types of BEC scams
You might have been laid off, just graduated from university, or be looking to re-enter the job market as an employee or worker. Things may look understandably bleak and daunting, and that vulnerability is exactly what a cyber fraudster is banking on for the scam to work.
Here are the main forms a BEC scam takes:
- False Invoice Scheme: Attackers commonly use this tactic against companies with foreign suppliers. The scammer poses as the supplier and requests fund transfers to fraudulent accounts.
- Attorney Impersonation: Attackers pose as attorneys and, in that capacity, try to authorize the transfer of funds and defraud the company. This is an illegal act that carries severe penalties.
- Data Theft: These attacks target HR employees to obtain sensitive information about high-level employees such as a company’s executives. The stolen data feeds later attacks like CEO fraud.
- CEO Fraud: Attackers use sensitive information from data thefts to pose as the company’s CEO and email the finance department requesting that funds be transferred to an account they created for the scam.
- Account Compromise: Attackers can hack into an employee’s email address and request payment from suppliers or vendors. The amounts are then diverted to accounts attackers create just for the scam.
It looks pretty straightforward, and you could ask yourself, ‘Why does it work?’ Attackers defraud companies of billions every year with ever-evolving and sneakier methods. However, spending a few minutes vetting correspondence can make all the difference in these cases.
Here are crucial tips to spot the signs, so you don’t fall victim to these sly attackers:
- Pay close attention to email addresses, so you don’t send any data or payments to the wrong email addresses. An attacker may use tweaks like finance@cyberx.africa, for example, instead of the official email address, which may be finance@cyberxafrica.com. Red flag!
- Be very careful when inspecting invoices sent to you for fulfilment with new bank details. Such invoices often use urgent language and do not address the recipient by name, opting for general salutations like ‘Dear Sir/ Madam.’ That might very well be a business email compromise scam!
- Sometimes, you may notice that the invoice branding differs from what your supplier typically sends. Always treat this as suspicious. It doesn’t hurt to call the contact person at the company to confirm that the invoice is indeed from them. It gives them the chance to verify whether they sent the invoice in the first place (you may well have missed tip 1!).
- Do not share sensitive data or information on employees with anyone outside the organization or relevant department. It opens you up to CEO fraud.
- Implement MFA on all your company accounts, especially with a remote workforce. It reduces the chance that an attacker who obtains a password can take over the account and use it for one of these scams.
- Trust your intuition or gut feeling. If it feels off, it’s because something is wrong! Alert your supervisor and report the email as a phishing scam.
- Train, train, and train employees! The more they know, the more empowered they will be, and the harder it will be for them to fall victim to a business email compromise scam. BEC scams are social engineering scams and bet on people trusting that whoever they are speaking to is the real vendor.
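The first three tips above (lookalike sender domains, changed bank details, urgent language and generic salutations) can be turned into a mechanical triage check that a finance team or mail gateway runs before an invoice is paid. The code below is an added example and is not part of the original post or any product it describes. The vendor directory, the two sample emails, the keyword lists and the 0.8 similarity threshold are all constructed assumptions for illustration; the two domains are the ones used in the post’s own example.

```python
"""Added example: triage an incoming invoice email against the BEC red flags
described in the post. Vendor records, sample mails and thresholds are constructed."""
from __future__ import annotations

import difflib
import re
from dataclasses import dataclass
from typing import Optional

# Constructed vendor directory: the sender domain and bank account we hold on file.
KNOWN_VENDORS = {
    "cyberxafrica.com": {"name": "CyberX Africa", "account": "ZA-0001-EXAMPLE"},
}

# Constructed keyword lists; a real deployment would tune these to its own mail.
URGENCY = re.compile(r"\b(urgent(ly)?|immediately|asap|today|right away)\b", re.I)
GENERIC_SALUTATION = re.compile(r"^\s*dear\s+(sir|madam|customer|client)", re.I | re.M)


@dataclass
class InvoiceEmail:
    sender: str               # From: address as it appears in the mail
    body: str                 # plain-text body
    claimed_vendor: str       # vendor name printed on the invoice
    account: Optional[str]    # bank account printed on the invoice, if any


def sender_domain(address: str) -> str:
    """Return the domain part of an address, lower-cased."""
    return address.rsplit("@", 1)[-1].strip().lower()


def vendor_by_name(name: str) -> Optional[str]:
    """Look up the domain we have on file for a vendor name, or None if unknown."""
    for domain, rec in KNOWN_VENDORS.items():
        if rec["name"].lower() == name.strip().lower():
            return domain
    return None


def is_lookalike(domain: str, expected: str) -> bool:
    """True when domain is not the expected one but closely resembles it,
    e.g. cyberx.africa vs cyberxafrica.com. Punctuation is stripped first so
    an inserted dot or a swapped TLD still scores high. Threshold is an assumption."""
    if domain == expected:
        return False
    strip = lambda d: re.sub(r"[^a-z0-9]", "", d)
    return difflib.SequenceMatcher(None, strip(domain), strip(expected)).ratio() >= 0.8


def triage(mail: InvoiceEmail) -> list[str]:
    """Return the red flags found. An empty list means no check fired;
    it does not prove the mail is genuine."""
    flags: list[str] = []
    expected = vendor_by_name(mail.claimed_vendor)
    domain = sender_domain(mail.sender)
    if expected is None:
        flags.append("unknown vendor: no record on file")
    elif domain != expected:
        kind = "lookalike" if is_lookalike(domain, expected) else "unrelated"
        flags.append(f"{kind} sender domain {domain!r}, expected {expected!r}")
    if expected and mail.account and mail.account != KNOWN_VENDORS[expected]["account"]:
        flags.append("bank details differ from vendor record")
    if URGENCY.search(mail.body):
        flags.append("urgency language")
    if GENERIC_SALUTATION.search(mail.body):
        flags.append("generic salutation")
    return flags


def decision(mail: InvoiceEmail) -> str:
    """Any flag at all means: stop and phone the contact you already know."""
    return "HOLD: confirm by phone with the known contact" if triage(mail) else "OK to process"


# Constructed samples: one genuine invoice and one that trips every check.
GENUINE = InvoiceEmail(
    sender="finance@cyberxafrica.com",
    body="Dear Mr Okafor,\nPlease find attached invoice 1234 for last month's services.",
    claimed_vendor="CyberX Africa",
    account="ZA-0001-EXAMPLE",
)
SCAM = InvoiceEmail(
    sender="finance@cyberx.africa",
    body="Dear Sir/ Madam,\nOur bank details have changed. Please settle the attached invoice urgently today.",
    claimed_vendor="CyberX Africa",
    account="ZA-9999-NEW",
)

if __name__ == "__main__":
    for label, mail in (("genuine", GENUINE), ("scam", SCAM)):
        print(label, decision(mail), triage(mail))
```

The design choice worth noting is that the checks never try to prove a mail is legitimate; a clean result simply means nothing fired. The only action on a flag is the one the post recommends: hold the payment and call the contact number already on file, never one printed in the suspicious mail.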
We have tips on including the whole team in cybersecurity transformation in the workplace and being a human firewall when encountering a business email compromise scam. One small mistake can create a domino effect resulting in billions of losses.
Feel free to reach out to us as well. We are happy to help companies safeguard themselves against evolving threats!