Business Email Compromise (BEC) happens when the scammer poses as a trusted individual with a legitimate business request. BEC attacks are highly targeted, sent in low volumes and aimed at specific people.
The scams are hard to identify and may seem part of any day-to-day request to the target. BEC attacks cost businesses $2 billion in 2020 — could you and your employees identify a BEC scam?
In this 30-minute interactive webinar, we cover:
- The current messaging threat landscape
- How BEC works
- Mitigating email-based threats
Fill out the form to access the recording!
Meet The Presenter
National MSP Channel Manager, Trend Micro
Melanie has been in the Software and Technology field for over 12 years. During her career, she has worked as a Microsoft Specialist and assisted many organizations with their journey to the cloud. Cybersecurity is now her focus and she continues to educate others in the ever-evolving world of technology!
5 Types of Business Email Compromise
- The Bogus Invoice Scheme: Companies with foreign suppliers are often targeted with this tactic, wherein attackers pretend to be the suppliers requesting fund transfers for payments to an account owned by fraudsters.
- CEO Fraud: Attackers pose as the company CEO or any executive and send an email to employees in finance, requesting them to transfer money to the account they control.
- Account Compromise: An executive or employee’s email account is hacked and used to request invoice payments to vendors listed in their email contacts. Payments are then sent to fraudulent bank accounts.
- Attorney Impersonation: Attackers pretend to be a lawyer or someone from the law firm supposedly in charge of crucial and confidential matters. Normally, such bogus requests are done through email or phone and during the end of the business day.
- Data Theft: Employees under HR and bookkeeping are targeted to obtain personally identifiable information (PII) or tax statements of employees and executives. Such data can be used for future attacks.
Because these scams do not have any malicious links or attachments, they can evade traditional solutions. Employee training and awareness can help businesses spot these type of scams!