Do you think your business is too small a target for email scammers? Take a look in the spam folder of any personal email account and you will likely see a large assortment of scam emails. These emails are targeting ordinary people, without any way for the scammer to know how much those individuals are worth. If you use email in any way, shape or form, your business is at risk.
One of the most common types of scams you are likely to face is known as a business email compromise (BEC). Unfortunately, you may not even realize that your business has been targeted by a BEC until the damage is already done.
How a BEC Works
There are two ways a scammer can set up these emails so that they end in a financial loss: by hijacking a genuine business email account, or by ‘spoofing’ a trusted email address. Once the hacker has access to a usable email account or spoofed email address, there are several ways in which he can run scams. The first is to send out emails to unsuspecting customers, advising them that your business bank account details have changed. The targets are then instructed to send payments to an alternative account belonging to the hacker.
Alternatively, scam emails are sent out to an accounts team, purporting to originate from the CEO of the company, requesting immediate payments to a specified account. Sophisticated hackers can create convincing emails with all the relevant information employees would expect to see, giving them no reason to suspect that the request is anything but genuine. Some of the largest companies and organizations in the world have fallen victim to this particular variation of BEC.
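As an added illustration (not part of the original article), the Python sketch below shows the kind of checks a mail filter or reviewer can apply to the two scenarios described above. The company domain, executive name, keyword list and sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration; none of them come from the article.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}
PAYMENT_TERMS = ("bank account", "wire", "payment", "billing details")

# Constructed sample messages (not real mail).
CEO_SPOOF = """\
From: Jane Doe <jane.doe@examp1e-mail.test>
Reply-To: accounts@payments-desk.test
Subject: Urgent payment needed today

Please wire 18,400 USD to the account below before noon.
"""
HIJACKED_SUPPLIER = """\
From: Sam Supplier <billing@supplier.test>
Subject: Updated remittance information

Our bank account details have changed. Use the new account for future invoices.
"""
ROUTINE = """\
From: Jane Doe <jane.doe@example.com>
Subject: Team lunch

Lunch is at noon on Friday.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a From/Reply-To header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def bec_flags(raw_message):
    """List the reasons a message should be verified by phone before anyone pays."""
    msg = message_from_string(raw_message)
    flags = []
    name = parseaddr(msg.get("From", ""))[0].strip().lower()
    from_dom, reply_dom = domain_of(msg.get("From")), domain_of(msg.get("Reply-To"))
    # An executive's display name on an address outside the company domain.
    if name in EXECUTIVES and from_dom != COMPANY_DOMAIN:
        flags.append("executive-name-external-address")
    # Replies silently routed to a different domain than the visible sender.
    if reply_dom and reply_dom != from_dom:
        flags.append("reply-to-domain-mismatch")
    # Any payment or bank-detail request, whoever it appears to come from.
    text = f"{msg.get('Subject', '')} {msg.get_payload()}".lower()
    if any(term in text for term in PAYMENT_TERMS):
        flags.append("payment-or-bank-change-request")
    return flags
```

The constructed hijacked-supplier message trips only the payment check, because a genuinely compromised account has correct headers. That case has to be caught by confirming the change through a separate, already-known contact channel.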
Who is at Risk?
Although scam emails that use the BEC method are typically more sophisticated than the average phishing email, hackers are not fussy about the types of businesses that they target. Small, medium and large businesses and organizations are at risk. The cumulative losses from a single attack can exceed hundreds of thousands of dollars. That’s before you consider the damage to the reputation of your business as a result of these email scams.
How to Prevent BECs
Prevention is the best cure, but no system is completely infallible, so effective management procedures are recommended. If your business has an accounts team, establishing robust processes for payments and any change of billing details is a must. However, it is also important to educate employees on email security and how to recognize potential scam emails.
As well as recognizing scam emails, employees need to know how to treat the threat. A vigilant employee may attempt to investigate the email by clicking on links or forwarding it to a colleague. The fewer people that interact with a suspicious email, the better. Clicking a link could result in the download of malware that provides a hacker access to your network and data. If you do not have IT support, deleting the email is the best policy. In all cases, it is good practice to brief your employees and alert other relevant parties such as suppliers, landlords or customers.
At ClubDrive Systems, we can provide several managed IT services to protect your business from scam emails. Our network and computer monitoring team provide round-the-clock security against potential threats. We can help you develop effective strategies and reinforce your IT infrastructure, keeping sensitive data shielded at our secure data banks.
If you are concerned about BECs and other types of sophisticated email scams, reach out to a managed IT specialist from ClubDrive Systems to discuss available services today.