Business Email Compromise is on the Rise
Business email compromise (BEC) is a type of email cyber-crime scam in which an attacker targets businesses. At Krieger Worldwide, we take cyber security very seriously and wanted to share some recommendations on how to recognize BEC.
In BEC scams, the attacker poses as someone the recipient should trust, such as a boss, colleague, or vendor. The attacker asks the recipient to divert payroll, make a wire transfer, change banking details, and so on. BEC attacks rely on impersonation techniques, including domain spoofing and lookalike domains.
How Can You Protect Against BEC Exploits?
Because BEC depends on a willing (though unaware) victim, user awareness, email protection, and attack visibility all play important roles in an effective defense. Train your staff to look for signs that an email is suspicious:
High-level executives asking for unusual information—While many of us will naturally respond promptly to an email from a high-level executive, it is worth pausing to consider whether the request makes sense.
Requests to keep communication confidential—Attacker emails often ask the recipient to keep the request confidential or only communicate with the sender.
Requests to bypass normal channels—Many organizations have accounting systems through which payments and bills must be processed, no matter how urgent the request. If these channels are bypassed by an email directly, for example, an executive requesting an urgent wire transfer, the recipient should be suspicious.
Language issues or unusual date formats—Awkward phrasing, grammatical errors, or a date format that is unusual for your region can also be a sign.
Email domains and “reply to” addresses that do not match the sender’s—BEC emails often use spoofed and lookalike sender addresses that are easy to miss if the recipient isn’t paying attention. Sometimes they may only change one letter or switch an “o” for a zero, for example, yourc0mpany.com instead of yourcompany.com.
Attackers often send requests during the busiest time of the day so recipients are less likely to pause and consider if the request is suspicious. If something doesn’t feel right, it probably isn’t. Trust your gut.
If you receive an email or request containing WIRE TRANSFER INSTRUCTIONS, please confirm with us immediately to verify the information prior to sending funds. We have not changed any of our banking details, and they are always included on our invoice and statement. We ask all our clients to check the sender’s email address and confirm it is truly from our domain at nkinc.com. If you receive an email that does NOT end in nkinc.com, please notify your IT Security Team and contact us immediately.
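As an added illustration of the sender checks described above (example code written for this page, not Krieger Worldwide's own tooling), the helper below flags a Reply-To domain that differs from the From domain, a display name that borrows the trusted domain, and lookalike domains built from swapped characters, using nkinc.com from the page as the trusted domain and a constructed sample message.

```python
import email
from email.utils import parseaddr
TRUSTED_DOMAIN = "nkinc.com"  # the vendor domain named on the page
# Character swaps used to build lookalikes (constructed list, not exhaustive).
SWAPS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))

def normalize(domain):
    # Undo common homoglyph swaps so yourc0mpany.com compares as yourcompany.com.
    d = domain.lower()
    for fake, real in SWAPS:
        d = d.replace(fake, real)
    return d

def edit_distance(a, b):
    # Plain Levenshtein distance; a one-letter change is the classic lookalike trick.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_lookalike(domain, trusted):
    if not domain or domain == trusted or domain.endswith("." + trusted):
        return False  # the real domain or one of its own subdomains
    norm, real = normalize(domain), normalize(trusted)
    # Catches nkinc.com.evil.net, yourc0mpany.com and one-letter typos like nkincc.com.
    return trusted in domain or norm == real or edit_distance(norm, real) <= 1

def check_message(raw, trusted=TRUSTED_DOMAIN):
    # Return the BEC warning signs found in the headers of a raw RFC 5322 message.
    msg = email.message_from_string(raw)
    findings = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = from_addr.rpartition("@")[2].lower()
    reply_dom = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower() or from_dom
    if trusted in from_name.lower() and from_dom != trusted:
        findings.append(f"display name mentions {trusted} but address is @{from_dom}")
    checks = [("From", from_dom)]
    if reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
        checks.append(("Reply-To", reply_dom))
    for label, dom in checks:
        if is_lookalike(dom, trusted):
            findings.append(f"{label} domain {dom} is a lookalike of {trusted}")
    return findings

# Constructed sample: the Reply-To points one character away from nkinc.com.
SAMPLE = ("From: Accounts Payable <ap@nkinc.com>\r\nReply-To: ap@nk1nc.com\r\n"
          "Subject: Updated wire instructions\r\n\r\nPlease use the attached bank details.\r\n")
```

Running `check_message(SAMPLE)` returns two findings for the sample, one for the mismatched Reply-To and one for the lookalike domain; a message from nkinc.com with no Reply-To returns an empty list.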