Earlier this year the North Carolina county of Cabarrus in the U.S.A. was hit by a BEC scam, incurring losses to the tune of over $1.7m. Sadly, this is just one example of an increasingly common – and devastating – attack.
Business Email Compromise (BEC) is an attack in which cybercriminals combine social engineering with phishing techniques to trick targeted individuals at organizations into transferring funds or data.
Common approaches include hacking email accounts, spoofing the email addresses of senior executives, compromising trusted supplier emails, and spoofing bank and lawyer emails.
BEC attacks are targeted and time-consuming, with cybercrooks often working to compromise a single organization over several months – motivated by the very high potential gains.
And it’s working. BEC attacks are on the rise and 53% of organizations hit by a cyberattack last year say they were victims of phishing.
Minimize your risk
BEC attacks exploit the weakest link in the cybersecurity chain: people. The attackers rely on tricking people into falling for spoofed emails, forged documents, and fake information.
All team members are potential targets for a BEC attack, not just finance, HR and senior executives. While other staff may not authorize big payments themselves, they may inadvertently give hackers information that helps them, or even access to company systems.
That’s why user education and training are key to minimizing the risk of a BEC attack. By raising awareness of the issue and educating your teams on how to spot suspicious communications, you reduce the likelihood of being hit.
Sophos can help
Sophos Phish Threat is a phishing simulation and training tool that lets you raise user awareness by emulating the tactics used by real phishing attackers. You can set up test phishing campaigns in minutes.
It also includes online training to educate people on how to spot and stop the real thing. Plus, you can measure progress to track improvement and demonstrate ROI to the business.
In addition, our free anti-phishing toolkit gives you a fantastic set of resources to educate your team on phishing. It includes posters for your workplace, a PowerPoint presentation for meetings, examples of phishing emails, and top tips to spot phishy emails. Get your copy today.